Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-01 | CVE-2023-20213 | Unspecified vulnerability in Cisco Identity Services Engine A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of the CDP process on an affected device. low complexity cisco | 4.3 |
2023-11-01 | CVE-2023-20245 | Unspecified vulnerability in Cisco Adaptive Security Appliance Software Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. | 5.8 |
2023-11-01 | CVE-2023-20256 | Unspecified vulnerability in Cisco Adaptive Security Appliance Software Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. | 5.8 |
2023-11-01 | CVE-2023-20270 | Unspecified vulnerability in Cisco Firepower Threat Defense A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. | 5.8 |
2023-10-18 | CVE-2023-20261 | Unspecified vulnerability in Cisco Catalyst Sd-Wan Manager A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. | 6.5 |
2023-09-27 | CVE-2023-20109 | Out-of-bounds Write vulnerability in Cisco IOS A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. | 6.6 |
2023-09-27 | CVE-2023-20179 | Cross-site Scripting vulnerability in Cisco Sd-Wan Vmanage A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. | 5.4 |
2023-09-27 | CVE-2023-20202 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. low complexity cisco | 6.5 |
2023-09-27 | CVE-2023-20251 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Mobility Express Software A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. | 5.3 |
2023-09-27 | CVE-2023-20253 | Unspecified vulnerability in Cisco Sd-Wan Vmanage A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This vulnerability is due to improper access control in the cli-management interface of an affected system. | 5.5 |