Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-20 CVE-2022-31734 Cross-site Scripting vulnerability in Cisco Ws-C2940-8Tf-S Firmware and Ws-C2940-8Tt-S Firmware
** Unsupported When Assigned ** Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc.
network
cisco CWE-79
4.3
2022-06-15 CVE-2022-20733 Improper Authentication vulnerability in Cisco Identity Services Engine 3.1
A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions.
network
low complexity
cisco CWE-287
5.0
2022-06-15 CVE-2022-20736 Missing Authorization vulnerability in Cisco Appdynamics Controller
A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access.
network
low complexity
cisco CWE-862
5.0
2022-06-15 CVE-2022-20798 Improper Authentication vulnerability in Cisco products
A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device.
network
cisco CWE-287
6.8
2022-06-15 CVE-2022-20817 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cisco products
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode.
network
high complexity
cisco CWE-338
4.0
2022-06-15 CVE-2022-20819 Improper Privilege Management vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.
network
low complexity
cisco CWE-269
4.0
2022-05-27 CVE-2022-20666 Cross-site Scripting vulnerability in Cisco Common Services Platform Collector
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
cisco CWE-79
4.3
2022-05-27 CVE-2022-20667 Cross-site Scripting vulnerability in Cisco Common Services Platform Collector
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
cisco CWE-79
4.3
2022-05-27 CVE-2022-20668 Cross-site Scripting vulnerability in Cisco Common Services Platform Collector
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
cisco CWE-79
4.3
2022-05-27 CVE-2022-20669 Cross-site Scripting vulnerability in Cisco Common Services Platform Collector
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
cisco CWE-79
4.3