Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-07 | CVE-2024-20252 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7 Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. | 8.8 |
| 2024-02-07 | CVE-2024-20254 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7 Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. | 8.8 |
| 2024-02-07 | CVE-2024-20255 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7 A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. | 7.1 |
| 2024-02-07 | CVE-2024-20290 | Out-of-bounds Read vulnerability in multiple products A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. | 7.5 |
| 2024-01-26 | CVE-2024-20263 | Unspecified vulnerability in Cisco products A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. | 7.2 |
| 2024-01-17 | CVE-2023-20258 | Unspecified vulnerability in Cisco Prime Infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. | 7.2 |
| 2024-01-17 | CVE-2024-20277 | Unspecified vulnerability in Cisco Thousandeyes Enterprise Agent A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. | 8.0 |
| 2024-01-17 | CVE-2024-20287 | Command Injection vulnerability in Cisco Wap371 Firmware A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. | 7.2 |
| 2023-11-21 | CVE-2023-20272 | Unspecified vulnerability in Cisco Identity Services Engine 3.0.0/3.1 A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. | 8.8 |
| 2023-11-21 | CVE-2023-20274 | Unspecified vulnerability in Cisco Appdynamics A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. | 7.8 |