Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-26 | CVE-2020-3115 | Improper Privilege Management vulnerability in Cisco Sd-Wan Firmware 18.4.1/19.1.0 A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. | 8.8 |
| 2020-01-26 | CVE-2019-16022 | Resource Exhaustion vulnerability in Cisco IOS XR Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 8.6 |
| 2020-01-26 | CVE-2019-16020 | Resource Exhaustion vulnerability in Cisco IOS XR Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 8.6 |
| 2020-01-26 | CVE-2019-16005 | Improper Input Validation vulnerability in Cisco Collaboration Meeting Rooms and Webex Video Mesh A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. | 7.2 |
| 2020-01-26 | CVE-2019-15989 | Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XR A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 8.6 |
| 2020-01-26 | CVE-2019-12629 | OS Command Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. | 7.2 |
| 2020-01-16 | CVE-2010-3048 | NULL Pointer Dereference vulnerability in Cisco Unified Personal Communicator 7.0(1.13056) Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition. | 7.5 |
| 2020-01-15 | CVE-2012-1326 | Improper Input Validation vulnerability in Cisco Ironport web Security Appliance 7.5 Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks | 7.4 |
| 2020-01-06 | CVE-2019-15985 | SQL Injection vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. | 7.2 |
| 2020-01-06 | CVE-2019-15984 | SQL Injection vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. | 7.2 |