Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-3252 | Path Traversal vulnerability in Cisco UCS Director and UCS Director Express FOR BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 4.0 |
| 2020-04-15 | CVE-2020-3177 | Path Traversal vulnerability in Cisco products A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. | 5.0 |
| 2020-04-15 | CVE-2020-3162 | Improper Input Validation vulnerability in Cisco IOT Field Network Director A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.0 |
| 2020-04-13 | CVE-2019-1866 | Insufficient Verification of Data Authenticity vulnerability in Cisco Webex Business Suite 39 Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. | 4.3 |
| 2020-03-19 | CVE-2019-16010 | Cross-site Scripting vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. | 4.8 |
| 2020-03-04 | CVE-2020-3193 | Information Exposure vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected device. | 5.0 |
| 2020-03-04 | CVE-2020-3192 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 4.3 |
| 2020-03-04 | CVE-2020-3190 | Resource Exhaustion vulnerability in Cisco IOS XR A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected device. | 5.0 |
| 2020-03-04 | CVE-2020-3181 | Resource Exhaustion vulnerability in Cisco Email Security Appliance A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. | 6.4 |
| 2020-03-04 | CVE-2020-3164 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. | 5.0 |