Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-21 | CVE-2022-20790 | Path Traversal vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. | 6.5 |
| 2022-04-21 | CVE-2022-20804 | Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco Unified Communications Manager A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. | 6.5 |
| 2022-04-21 | CVE-2022-20805 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cisco Umbrella Secure web Gateway A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. | 4.1 |
| 2022-04-15 | CVE-2022-20661 | Improper Initialization vulnerability in Cisco IOS Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. | 4.6 |
| 2022-04-15 | CVE-2022-20676 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. | 6.7 |
| 2022-04-15 | CVE-2022-20677 | Inadequate Encryption Strength vulnerability in Cisco IOS 17.6.1 Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 6.7 |
| 2022-04-15 | CVE-2022-20684 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. | 6.5 |
| 2022-04-15 | CVE-2022-20692 | Resource Exhaustion vulnerability in Cisco IOS XE A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. | 6.5 |
| 2022-04-15 | CVE-2022-20694 | Reachable Assertion vulnerability in Cisco IOS XE A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. | 6.8 |
| 2022-04-15 | CVE-2022-20717 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Sd-Wan Vedge Router 20.7 A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. | 5.5 |