Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-18 | CVE-2020-3245 | Missing Authorization vulnerability in Cisco Smart Software Manager On-Prem 7201910/7202001 A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. | 5.0 |
| 2020-06-18 | CVE-2020-3244 | Improper Input Validation vulnerability in Cisco Staros A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. | 5.0 |
| 2020-06-18 | CVE-2020-3242 | Information Exposure vulnerability in Cisco UCS Director A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. | 4.0 |
| 2020-06-03 | CVE-2020-3353 | Race Condition vulnerability in Cisco Identity Services Engine 2.2.0.470/2.3.0.298/2.4.0.357 A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.9 |
| 2020-06-03 | CVE-2020-3339 | SQL Injection vulnerability in Cisco Prime Infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 6.4 |
| 2020-06-03 | CVE-2020-3333 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. | 5.0 |
| 2020-06-03 | CVE-2020-3281 | Information Exposure Through Log Files vulnerability in Cisco Digital Network Architecture Center A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. | 4.0 |
| 2020-06-03 | CVE-2020-3267 | Files or Directories Accessible to External Parties vulnerability in Cisco Unified Contact Center Express A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. | 5.5 |
| 2020-06-03 | CVE-2020-3257 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS 15.8(3.0Z)M1/15.9 Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. | 4.8 |
| 2020-06-03 | CVE-2020-3238 | Improper Input Validation vulnerability in Cisco IOX A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. | 5.5 |