Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-01 CVE-2023-20256 Unspecified vulnerability in Cisco Adaptive Security Appliance Software
Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device.
network
low complexity
cisco
5.8
2023-11-01 CVE-2023-20270 Unspecified vulnerability in Cisco Firepower Threat Defense
A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
5.8
2023-10-18 CVE-2023-20261 Unspecified vulnerability in Cisco Catalyst Sd-Wan Manager
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI.
network
low complexity
cisco
6.5
2023-09-27 CVE-2023-20109 Out-of-bounds Write vulnerability in Cisco IOS
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature.
network
high complexity
cisco CWE-787
6.6
2023-09-27 CVE-2023-20179 Cross-site Scripting vulnerability in Cisco Sd-Wan Vmanage
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields.
network
low complexity
cisco CWE-79
5.4
2023-09-27 CVE-2023-20202 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management.
low complexity
cisco
6.5
2023-09-27 CVE-2023-20251 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Mobility Express Software
A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions.
high complexity
cisco CWE-119
5.3
2023-09-27 CVE-2023-20253 Unspecified vulnerability in Cisco Sd-Wan Vmanage
A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This vulnerability is due to improper access control in the cli-management interface of an affected system.
local
low complexity
cisco
5.5
2023-09-27 CVE-2023-20268 Resource Exhaustion vulnerability in Cisco products
A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. This vulnerability is due to insufficient management of resources when handling certain types of traffic.
low complexity
cisco CWE-400
4.7
2023-09-15 CVE-2022-20917 Unspecified vulnerability in Cisco Jabber
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software.
network
low complexity
cisco
4.3