Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2020-08-27 CVE-2020-3394 Missing Authorization vulnerability in Cisco NX-OS
A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges.
local
low complexity
cisco CWE-862
7.2
2020-08-26 CVE-2020-3507 Improper Input Validation vulnerability in Cisco products
Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera.
low complexity
cisco CWE-20
8.8
2020-08-26 CVE-2020-3506 Improper Input Validation vulnerability in Cisco products
Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera.
low complexity
cisco CWE-20
8.8
2020-08-26 CVE-2020-3446 Use of Hard-coded Credentials vulnerability in Cisco products
A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password.
network
low complexity
cisco CWE-798
7.5
2020-08-26 CVE-2020-3443 Missing Authorization vulnerability in Cisco Smart Software Manager On-Prem 8202004
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges.
network
low complexity
cisco CWE-862
8.8
2020-08-26 CVE-2020-3152 Incorrect Default Permissions vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2
A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges.
local
low complexity
cisco CWE-276
7.2
2020-08-17 CVE-2020-3500 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco StarOS
A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-119
8.6
2020-08-17 CVE-2020-3433 Uncontrolled Search Path Element vulnerability in Cisco AnyConnect Secure Mobility Client
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack.
local
low complexity
cisco CWE-427
7.8
2020-08-12 CVE-2020-16139 Unspecified vulnerability in Cisco Unified IP Conference Station 7937G Firmware 1.4.4.0/1.4.5.7
A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely by sending specially crafted packets.
network
low complexity
cisco
7.5
2020-08-12 CVE-2020-16138 Unspecified vulnerability in Cisco Unified IP Conference Station 7937G Firmware 1.4.4.0/1.4.5.7
A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled.
network
low complexity
cisco
7.5