Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-16 | CVE-2020-3405 | XXE vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. | 4.9 |
| 2020-07-16 | CVE-2020-3401 | Path Traversal vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. | 6.5 |
| 2020-07-16 | CVE-2020-3385 | Unspecified vulnerability in Cisco Sd-Wan Firmware and Vedge Cloud Router A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. low complexity cisco | 6.1 |
| 2020-07-16 | CVE-2020-3378 | SQL Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. | 4.3 |
| 2020-07-16 | CVE-2020-3372 | Resource Exhaustion vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. | 6.5 |
| 2020-07-16 | CVE-2020-3370 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. | 5.0 |
| 2020-07-16 | CVE-2020-3345 | Improper Input Validation vulnerability in Cisco Webex Meetings A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. | 4.3 |
| 2020-07-16 | CVE-2020-3197 | Improper Authentication vulnerability in Cisco Meeting Server A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. | 5.0 |
| 2020-07-16 | CVE-2020-3150 | Incorrect Authorization vulnerability in Cisco Rv110W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. | 4.3 |
| 2020-07-16 | CVE-2020-3145 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. | 6.5 |