Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-17 CVE-2024-20287 Command Injection vulnerability in Cisco Wap371 Firmware
A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
network
low complexity
cisco CWE-77
7.2
2023-11-21 CVE-2023-20272 Unspecified vulnerability in Cisco Identity Services Engine 3.0.0/3.1
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application.
network
low complexity
cisco
8.8
2023-11-21 CVE-2023-20274 Unspecified vulnerability in Cisco Appdynamics
A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory.
local
low complexity
cisco
7.8
2023-11-01 CVE-2023-20042 Unspecified vulnerability in Cisco products
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
8.6
2023-11-01 CVE-2023-20063 Improper Input Validation vulnerability in Cisco Firepower Threat Defense
A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root permissions on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied input.
local
low complexity
cisco CWE-20
8.2
2023-11-01 CVE-2023-20083 Unspecified vulnerability in Cisco Firepower Threat Defense
A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the CPU of an affected device to spike to 100 percent, which could stop all traffic processing and result in a denial of service (DoS) condition.
network
low complexity
cisco
8.6
2023-11-01 CVE-2023-20095 Unspecified vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
8.6
2023-11-01 CVE-2023-20175 OS Command Injection vulnerability in Cisco Identity Services Engine
A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.
local
low complexity
cisco CWE-78
8.8
2023-11-01 CVE-2023-20196 Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Identity Services Engine
Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
network
low complexity
cisco CWE-434
7.2
2023-11-01 CVE-2023-20219 Command Injection vulnerability in Cisco Secure Firewall Management Center
Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.
network
low complexity
cisco CWE-77
8.8