Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-10 | CVE-2022-20830 | Missing Authentication for Critical Function vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. | 5.3 |
| 2022-10-10 | CVE-2022-20864 | Unspecified vulnerability in Cisco IOS XE ROM Monitor A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. low complexity cisco | 4.6 |
| 2022-10-10 | CVE-2022-20944 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XE A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. | 6.8 |
| 2022-09-30 | CVE-2022-20662 | Improper Authentication vulnerability in Cisco DUO 1.1.0/1.1.1/2.0 A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. | 6.8 |
| 2022-09-30 | CVE-2022-20728 | Unspecified vulnerability in Cisco products A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. low complexity cisco | 4.7 |
| 2022-09-30 | CVE-2022-20769 | Out-of-bounds Write vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 6.5 |
| 2022-09-30 | CVE-2022-20810 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. | 6.5 |
| 2022-09-30 | CVE-2022-20844 | Use of Hard-coded Credentials vulnerability in Cisco Sd-Wan A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. | 5.3 |
| 2022-09-30 | CVE-2022-20855 | OS Command Injection vulnerability in Cisco IOS XE 17.6.1 A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. | 6.7 |
| 2022-09-30 | CVE-2022-20930 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. | 6.7 |