Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-24 | CVE-2020-3476 | Files or Directories Accessible to External Parties vulnerability in Cisco IOS 16.10.1/16.9 A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. | 6.0 |
2020-09-24 | CVE-2020-3465 | Unspecified vulnerability in Cisco IOS XE 16.6.9/17.4.1 A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. | 6.5 |
2020-09-24 | CVE-2020-3429 | Improper Input Validation vulnerability in Cisco IOS XE 16.12.1S A vulnerability in the WPA2 and WPA3 security implementation of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 6.5 |
2020-09-24 | CVE-2020-3428 | Resource Exhaustion vulnerability in Cisco IOS XE A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 6.5 |
2020-09-24 | CVE-2020-3423 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. | 6.7 |
2020-09-24 | CVE-2020-3417 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. | 6.7 |
2020-09-24 | CVE-2020-3416 | Code Injection vulnerability in Cisco IOS XE 16.12.1/17.2 Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. | 6.7 |
2020-09-24 | CVE-2020-3418 | Unspecified vulnerability in Cisco IOS XE 17.1.1 A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. | 4.7 |
2020-09-23 | CVE-2019-15959 | Improper Input Validation vulnerability in Cisco SPA500 Series IP Phones Firmware A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. | 6.6 |
2020-09-23 | CVE-2019-15969 | Cross-site Scripting vulnerability in Cisco Web Security Appliance A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. | 6.1 |