Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-06-03 | CVE-2020-3339 | SQL Injection vulnerability in Cisco Prime Infrastructure | A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 5.4 |
2020-06-03 | CVE-2020-3335 | Incorrect Authorization vulnerability in Cisco products | A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. | 5.5 |
2020-06-03 | CVE-2020-3333 | Missing Authentication for Critical Function vulnerability in Cisco products | A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. | 5.3 |
2020-06-03 | CVE-2020-3237 | Link Following vulnerability in Cisco IOx | A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. | 6.3 |
2020-06-03 | CVE-2020-3233 | Cross-site Scripting vulnerability in Cisco IOx | A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based Local Manager interface of an affected device. | 5.4 |
2020-06-03 | CVE-2020-3231 | Incorrect Authorization vulnerability in Cisco IOS | A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port. | 4.7 |
2020-06-03 | CVE-2020-3223 | Link Following vulnerability in Cisco IOS XE | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. | 4.9 |
2020-06-03 | CVE-2020-3222 | Unspecified vulnerability in Cisco IOS XE | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. | 4.3 |
2020-06-03 | CVE-2020-3220 | Insufficient Verification of Data Authenticity vulnerability in Cisco IOS XE | A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, remote attacker to disconnect legitimate IPsec VPN sessions to an affected device. | 6.8 |
2020-06-03 | CVE-2020-3216 | Improper Authentication vulnerability in Cisco IOS XE SD-WAN | A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. | 6.8 |