Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-04 | CVE-2020-3155 | Improper Certificate Validation vulnerability in Cisco products A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. | 5.8 |
| 2020-03-04 | CVE-2020-3148 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Network Registrar A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 4.3 |
| 2020-02-26 | CVE-2020-3170 | Improper Input Validation vulnerability in Cisco Nx-Os A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. | 4.3 |
| 2020-02-26 | CVE-2020-3169 | OS Command Injection vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. | 6.7 |
| 2020-02-26 | CVE-2020-3166 | Improper Input Validation vulnerability in Cisco products A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). | 6.7 |
| 2020-02-26 | CVE-2020-3165 | Use of Hard-coded Credentials vulnerability in Cisco Nx-Os A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. | 4.3 |
| 2020-02-19 | CVE-2020-3160 | Improper Input Validation vulnerability in Cisco Meeting Server A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. | 4.3 |
| 2020-02-19 | CVE-2020-3159 | Cross-site Scripting vulnerability in Cisco Finesse A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. | 4.3 |
| 2020-02-19 | CVE-2020-3156 | Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.6.0/2.7 A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. | 6.1 |
| 2020-02-19 | CVE-2020-3154 | SQL Injection vulnerability in Cisco Cloud web Security 5.2(0) A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. | 4.0 |