Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-19 CVE-2020-3153 Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client 4.8.00175/4.8.01090
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges.
local
low complexity
cisco CWE-427
4.9
2020-02-19 CVE-2020-3114 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Data Center Network Manager
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
cisco CWE-352
6.8
2020-02-19 CVE-2020-3112 Improper Privilege Management vulnerability in Cisco Data Center Network Manager
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application.
network
low complexity
cisco CWE-269
6.5
2020-02-19 CVE-2015-0749 Cross-site Scripting vulnerability in Cisco Unified Communications Manager
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software.
network
cisco CWE-79
4.3
2020-02-19 CVE-2011-2054 Improper Authentication vulnerability in Cisco products
A vulnerability in the Cisco ASA could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, provided the primary credentials are correct.
network
cisco CWE-287
6.0
2020-02-12 CVE-2011-4661 Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS
A memory leak vulnerability exists in Cisco IOS before 15.2(1)T in the HTTP PROXY Server process (aka CSCtu52820), when Cisco ISR Web Security with Cisco ScanSafe and User Authentication NTLM are configured.
network
cisco CWE-772
4.3
2020-02-07 CVE-2013-1202 Unspecified vulnerability in Cisco ACE Application Control Engine Module A2 3.6/3.6A
Cisco ACE A2(3.6) allows log retention DoS.
network
low complexity
cisco
5.0
2020-02-06 CVE-2013-3568 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Linksys Wrt110 Firmware
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
network
cisco CWE-352
6.8
2020-02-06 CVE-2013-2684 Cross-site Scripting vulnerability in Cisco Linksys E4200 Firmware 1.0.05
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
cisco CWE-79
4.3
2020-02-06 CVE-2013-2683 Information Exposure vulnerability in Cisco Linksys E4200 Firmware 1.0.05
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.
network
low complexity
cisco CWE-200
5.0