Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-02 | CVE-2020-3282 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.3 |
| 2020-07-02 | CVE-2020-3402 | Missing Authentication for Critical Function vulnerability in Cisco Unified Customer Voice Portal A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. | 5.0 |
| 2020-07-02 | CVE-2020-3391 | Insufficiently Protected Credentials vulnerability in Cisco Digital Network Architecture Center A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. | 4.0 |
| 2020-06-18 | CVE-2020-3368 | Improper Input Validation vulnerability in Cisco Asyncos A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. | 5.0 |
| 2020-06-18 | CVE-2020-3364 | Incorrect Authorization vulnerability in Cisco IOS XR A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface. | 5.0 |
| 2020-06-18 | CVE-2020-3362 | Unspecified vulnerability in Cisco Network Services Orchestrator A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. | 4.7 |
| 2020-06-18 | CVE-2020-3360 | Incorrect Authorization vulnerability in Cisco products A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. | 5.0 |
| 2020-06-18 | CVE-2020-3356 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.3 |
| 2020-06-18 | CVE-2020-3350 | Race Condition vulnerability in multiple products A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. | 6.3 |
| 2020-06-18 | CVE-2020-3337 | Open Redirect vulnerability in Cisco Umbrella A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. | 5.8 |