Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-18 | CVE-2020-3354 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
| 2020-06-18 | CVE-2020-3350 | Race Condition vulnerability in multiple products A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. | 6.3 |
| 2020-06-18 | CVE-2020-3347 | Information Exposure vulnerability in Cisco Webex Meetings 39.5.25/39.5.26/40.6.0 A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. | 5.5 |
| 2020-06-18 | CVE-2020-3337 | Open Redirect vulnerability in Cisco Umbrella A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. | 6.1 |
| 2020-06-18 | CVE-2020-3245 | Missing Authorization vulnerability in Cisco Smart Software Manager On-Prem A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. | 5.3 |
| 2020-06-18 | CVE-2020-3244 | Improper Input Validation vulnerability in Cisco Staros A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. | 5.3 |
| 2020-06-18 | CVE-2020-3242 | Information Exposure vulnerability in Cisco UCS Director A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. | 4.9 |
| 2020-06-18 | CVE-2020-3241 | Path Traversal vulnerability in Cisco UCS Director A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. | 6.5 |
| 2020-06-18 | CVE-2020-3236 | Path Traversal vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. | 6.7 |
| 2020-06-03 | CVE-2020-3353 | Race Condition vulnerability in Cisco Identity Services Engine 2.2.0.470/2.3.0.298/2.4.0.357 A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.9 |