Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-06 | CVE-2020-3178 | Open Redirect vulnerability in Cisco Content Security Management Appliance Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 5.8 |
| 2020-04-15 | CVE-2020-3273 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS). | 5.0 |
| 2020-04-15 | CVE-2020-3262 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.0 |
| 2020-04-15 | CVE-2020-3261 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 4.3 |
| 2020-04-15 | CVE-2020-3252 | Path Traversal vulnerability in Cisco UCS Director and UCS Director Express FOR BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 4.0 |
| 2020-04-15 | CVE-2020-3177 | Path Traversal vulnerability in Cisco products A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. | 5.0 |
| 2020-04-15 | CVE-2020-3162 | Improper Input Validation vulnerability in Cisco IOT Field Network Director A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.0 |
| 2020-04-13 | CVE-2019-1866 | Insufficient Verification of Data Authenticity vulnerability in Cisco Webex Business Suite 39 Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. | 4.3 |
| 2020-03-19 | CVE-2019-16010 | Cross-site Scripting vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. | 4.8 |
| 2020-03-04 | CVE-2020-3193 | Information Exposure vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected device. | 5.0 |