Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-01 CVE-2023-20220 Command Injection vulnerability in Cisco Secure Firewall Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.
network
low complexity
cisco CWE-77
8.8
2023-11-01 CVE-2023-20086 Unspecified vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco
8.6
2023-11-01 CVE-2023-20195 Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Identity Services Engine
Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
network
low complexity
cisco CWE-434
7.2
2023-11-01 CVE-2023-20244 Unspecified vulnerability in Cisco Firepower Threat Defense
A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
8.6
2023-10-25 CVE-2023-20273 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root.
network
low complexity
cisco CWE-78
7.2
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-10-04 CVE-2023-20235 Improper Privilege Management vulnerability in Cisco IOS XE
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode.
network
low complexity
cisco CWE-269
8.8
2023-10-04 CVE-2023-20259 Unspecified vulnerability in Cisco products
A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing.
network
low complexity
cisco
7.5
2023-09-27 CVE-2023-20033 Unspecified vulnerability in Cisco IOS XE
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource management when processing traffic that is received on the management interface.
network
low complexity
cisco
8.6
2023-09-27 CVE-2023-20034 Unspecified vulnerability in Cisco Sd-Wan
Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. These vulnerability is due to the presence of a static username and password configured on the vManage.
network
low complexity
cisco
7.5