Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-06 | CVE-2020-3329 | Unspecified vulnerability in Cisco products A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. | 4.0 |
| 2020-05-06 | CVE-2020-3315 | Exposure of Resource to Wrong Sphere vulnerability in Cisco products Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. | 5.3 |
| 2020-05-06 | CVE-2020-3313 | Cross-site Scripting vulnerability in Cisco Firepower Management Center A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the FMC Software. | 4.3 |
| 2020-05-06 | CVE-2020-3312 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Firepower Management Center A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. | 5.0 |
| 2020-05-06 | CVE-2020-3311 | Open Redirect vulnerability in Cisco Firepower Management Center A vulnerability in the web interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 5.8 |
| 2020-05-06 | CVE-2020-3310 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Firepower Device Manager On-Box A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. | 6.8 |
| 2020-05-06 | CVE-2020-3308 | Improper Verification of Cryptographic Signature vulnerability in Cisco products A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. | 4.0 |
| 2020-05-06 | CVE-2020-3307 | Improper Input Validation vulnerability in Cisco Firepower Management Center A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. | 5.0 |
| 2020-05-06 | CVE-2020-3285 | Unspecified vulnerability in Cisco Firepower Threat Defense A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3) policy with URL category functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured TLS 1.3 policy to block traffic for a specific URL. | 5.0 |
| 2020-05-06 | CVE-2020-3283 | Out-of-bounds Write vulnerability in Cisco products A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. | 5.0 |