Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-17 | CVE-2020-3501 | Improper Input Validation vulnerability in Cisco Webex Meetings and Webex Meetings Server Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. | 4.1 |
2020-08-17 | CVE-2020-3472 | Incorrect Authorization vulnerability in Cisco Webex Meetings Online A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. | 5.0 |
2020-08-17 | CVE-2020-3464 | Cross-site Scripting vulnerability in Cisco UCS Director A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
2020-08-17 | CVE-2020-3463 | Cross-site Scripting vulnerability in Cisco Webex Meetings Online A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. | 6.1 |
2020-08-17 | CVE-2020-3449 | Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XR A vulnerability in the Border Gateway Protocol (BGP) additional paths feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent authorized users from monitoring the BGP status and cause the BGP process to stop processing new updates, resulting in a denial of service (DOS) condition. | 4.3 |
2020-08-17 | CVE-2020-3448 | Missing Authentication for Critical Function vulnerability in Cisco Cyber Vision Center A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device. | 5.0 |
2020-08-17 | CVE-2020-3447 | Information Exposure Through Log Files vulnerability in Cisco products A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. | 6.5 |
2020-08-17 | CVE-2020-3435 | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. | 5.5 |
2020-08-17 | CVE-2020-3434 | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. | 5.5 |
2020-08-17 | CVE-2020-3413 | Incorrect Authorization vulnerability in Cisco Webex Meetings Online A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. | 4.3 |