Vulnerabilities > Cisco > Medium

DATE | CVE | VULNERABILITY TITLE | RISK (attack vector, complexity, vendor, CWE, score)

2022-07-06 | CVE-2022-20812 | Path Traversal vulnerability in Cisco Telepresence Video Communication Server | network, low complexity, cisco, CWE-22, 6.5
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device.

2022-07-06 | CVE-2022-20813 | Improper Certificate Validation vulnerability in Cisco Telepresence Video Communication Server | network, high complexity, cisco, CWE-295, 5.9
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device.

2022-07-06 | CVE-2022-20815 | Cross-site Scripting vulnerability in Cisco products | network, low complexity, cisco, CWE-79, 6.1
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

2022-07-06 | CVE-2022-20862 | Path Traversal vulnerability in Cisco Unified Communications Manager | network, low complexity, cisco, CWE-22, 4.3
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device.

2022-06-22 | CVE-2022-20651 | Information Exposure Through Log Files vulnerability in Cisco Adaptive Security Device Manager | local, low complexity, cisco, CWE-532, 5.5
A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system.

2022-06-20 | CVE-2022-31734 | Cross-site Scripting vulnerability in Cisco Ws-C2940-8Tf-S Firmware and Ws-C2940-8Tt-S Firmware | network, low complexity, cisco, CWE-79, 6.1
Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc.

2022-06-15 | CVE-2022-20736 | Missing Authorization vulnerability in Cisco Appdynamics Controller | network, low complexity, cisco, CWE-862, 5.3
A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access.

2022-06-15 | CVE-2022-20819 | Improper Privilege Management vulnerability in Cisco Identity Services Engine | network, low complexity, cisco, CWE-269, 6.5
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.

2022-05-27 | CVE-2022-20666 | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector | network, low complexity, cisco, CWE-79, 6.1
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

2022-05-27 | CVE-2022-20667 | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector | network, low complexity, cisco, CWE-79, 6.1
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.