Vulnerabilities > Cisco > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2024-10-02 | CVE-2024-20517 | Out-of-bounds Write vulnerability in Cisco products | network, low complexity, cisco CWE-787, 6.8
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition.

2024-10-02 | CVE-2024-20522 | Out-of-bounds Write vulnerability in Cisco products | network, low complexity, cisco CWE-787, 6.8
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition.

2024-10-02 | CVE-2024-20523 | Out-of-bounds Write vulnerability in Cisco products | network, low complexity, cisco CWE-787, 6.8
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition.

2024-10-02 | CVE-2024-20524 | Out-of-bounds Write vulnerability in Cisco products | network, low complexity, cisco CWE-787, 6.8
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition.

2024-09-25 | CVE-2024-20414 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE | network, low complexity, cisco CWE-352, 6.5
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method.

2024-09-25 | CVE-2024-20434 | Integer Overflow or Wraparound vulnerability in Cisco IOS XE | low complexity, cisco CWE-190, 4.3
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information.

2024-09-25 | CVE-2024-20465 | Unspecified vulnerability in Cisco IOS | network, low complexity, cisco, 5.8
A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the incorrect handling of IPv4 ACLs on switched virtual interfaces when an administrator enables and disables Resilient Ethernet Protocol (REP).

2024-09-25 | CVE-2024-20475 | Cross-site Scripting vulnerability in Cisco Catalyst SD-WAN Manager | network, low complexity, cisco CWE-79, 5.4
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.

2024-09-25 | CVE-2024-20508 | Out-of-bounds Write vulnerability in Cisco Unified Threat Defense Snort Intrusion Prevention System Engine | network, low complexity, cisco CWE-787, 6.5
A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine.

2024-09-11 | CVE-2024-20343 | Unspecified vulnerability in Cisco IOS XR | local, low complexity, cisco, 5.5
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system.