Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-3434 | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. | 5.5 |
| 2020-08-17 | CVE-2020-3413 | Incorrect Authorization vulnerability in Cisco Webex Meetings Online A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. | 4.3 |
| 2020-08-17 | CVE-2020-3412 | Incorrect Authorization vulnerability in Cisco Webex Meetings Online A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. | 4.3 |
| 2020-08-17 | CVE-2020-3346 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2020-07-31 | CVE-2020-3462 | SQL Injection vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 6.3 |
| 2020-07-31 | CVE-2020-3461 | Missing Authentication for Critical Function vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. | 5.3 |
| 2020-07-31 | CVE-2020-3460 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2020-07-16 | CVE-2020-3468 | SQL Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 5.4 |
| 2020-07-16 | CVE-2020-3450 | SQL Injection vulnerability in Cisco Vision Dynamic Signage Director A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. | 4.9 |
| 2020-07-16 | CVE-2020-3437 | Unspecified vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. | 6.5 |