Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-23 CVE-2020-3117 Unspecified vulnerability in Cisco products
A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response.
network
cisco
4.3
2020-09-23 CVE-2020-3116 Improper Input Validation vulnerability in Cisco Webex Meetings Online and Webex Meetings Server
A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition.
network
cisco CWE-20
4.3
2020-09-23 CVE-2019-1736 Improper Verification of Cryptographic Signature vulnerability in Cisco products
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device.
local
cisco CWE-347
6.9
2020-09-04 CVE-2020-3547 Insufficiently Protected Credentials vulnerability in Cisco Asyncos
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device.
network
low complexity
cisco CWE-522
6.5
2020-09-04 CVE-2020-3546 Improper Input Validation vulnerability in Cisco Asyncos
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
network
low complexity
cisco CWE-20
5.0
2020-09-04 CVE-2020-3545 Out-of-bounds Write vulnerability in Cisco Firepower Extensible Operating System
A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition.
local
low complexity
cisco CWE-787
6.7
2020-09-04 CVE-2020-3542 Improper Input Validation vulnerability in Cisco Webex Training
A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password.
network
high complexity
cisco CWE-20
5.3
2020-09-04 CVE-2020-3541 Information Exposure Through Log Files vulnerability in Cisco Webex Meetings and Webex Teams
A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information.
local
low complexity
cisco CWE-532
4.4
2020-09-04 CVE-2020-3537 Information Exposure vulnerability in Cisco Jabber
A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information.
network
low complexity
cisco CWE-200
5.7
2020-09-04 CVE-2020-3498 Improper Input Validation vulnerability in Cisco Jabber
A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information.
network
low complexity
cisco CWE-20
6.5