Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-14 | CVE-2020-3427 | Unspecified vulnerability in Cisco DUO Authentication for Windows Logon and RDP The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. | 4.6 |
| 2020-10-08 | CVE-2020-3597 | Path Traversal vulnerability in Cisco Nexus Data Broker 3.9(0) A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. | 5.4 |
| 2020-10-08 | CVE-2020-3602 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
| 2020-10-08 | CVE-2020-3601 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
| 2020-10-08 | CVE-2020-3598 | Missing Authentication for Critical Function vulnerability in Cisco Vision Dynamic Signage Director A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. | 6.5 |
| 2020-10-08 | CVE-2020-3589 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
| 2020-10-08 | CVE-2020-3568 | Improper Input Validation vulnerability in Cisco Asyncos A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. | 5.8 |
| 2020-10-08 | CVE-2020-3567 | Improper Input Validation vulnerability in Cisco Industrial Network Director and Network Level Service A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. | 6.5 |
| 2020-10-08 | CVE-2020-3543 | Memory Leak vulnerability in Cisco products A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. | 6.5 |
| 2020-10-08 | CVE-2020-3467 | Incorrect Authorization vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. | 5.5 |