Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-23 | CVE-2023-20100 | Unspecified vulnerability in Cisco IOS XE 17.10.1 A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 6.8 |
| 2023-03-23 | CVE-2023-20112 | Out-of-bounds Read vulnerability in Cisco products A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 6.5 |
| 2023-03-09 | CVE-2023-20064 | Missing Authorization vulnerability in Cisco IOS XR A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. | 4.6 |
| 2023-03-03 | CVE-2023-20061 | Exposure of Resource to Wrong Sphere vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. | 6.5 |
| 2023-03-03 | CVE-2023-20062 | Server-Side Request Forgery (SSRF) vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. | 4.3 |
| 2023-03-03 | CVE-2023-20069 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. | 5.4 |
| 2023-03-03 | CVE-2023-20104 | Cross-site Scripting vulnerability in Cisco Webex Teams A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2023-03-01 | CVE-2022-20952 | Unspecified vulnerability in Cisco Asyncos A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked. This vulnerability exists because malformed, encoded traffic is not properly detected. | 5.3 |
| 2023-03-01 | CVE-2023-20052 | XML Entity Expansion vulnerability in multiple products On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. | 5.3 |
| 2023-03-01 | CVE-2023-20053 | Cross-site Scripting vulnerability in Cisco Nexus Dashboard A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. | 6.1 |