Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-17 CVE-2020-3501 Improper Input Validation vulnerability in Cisco Webex Meetings and Webex Meetings Server
Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users.
network
low complexity
cisco CWE-20
4.1
2020-08-17 CVE-2020-3472 Incorrect Authorization vulnerability in Cisco Webex Meetings Online
A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information.
network
low complexity
cisco CWE-863
5.0
2020-08-17 CVE-2020-3464 Cross-site Scripting vulnerability in Cisco UCS Director
A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
cisco CWE-79
4.8
2020-08-17 CVE-2020-3463 Cross-site Scripting vulnerability in Cisco Webex Meetings Online
A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service.
network
low complexity
cisco CWE-79
6.1
2020-08-17 CVE-2020-3449 Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XR
A vulnerability in the Border Gateway Protocol (BGP) additional paths feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent authorized users from monitoring the BGP status and cause the BGP process to stop processing new updates, resulting in a denial of service (DOS) condition.
network
low complexity
cisco CWE-754
4.3
2020-08-17 CVE-2020-3448 Missing Authentication for Critical Function vulnerability in Cisco Cyber Vision Center
A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device.
network
low complexity
cisco CWE-306
5.0
2020-08-17 CVE-2020-3447 Information Exposure Through Log Files vulnerability in Cisco products
A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device.
network
low complexity
cisco CWE-532
6.5
2020-08-17 CVE-2020-3435 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device.
local
low complexity
cisco CWE-20
5.5
2020-08-17 CVE-2020-3434 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device.
local
low complexity
cisco CWE-20
5.5
2020-08-17 CVE-2020-3413 Incorrect Authorization vulnerability in Cisco Webex Meetings Online
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization.
network
low complexity
cisco CWE-863
4.3