Vulnerabilities > Cisco > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-24 | CVE-2023-20249 | Cross-site Scripting vulnerability in Cisco Telepresence Management Suite: A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | network; low complexity; cisco CWE-79; 5.4 |
| 2024-04-24 | CVE-2024-20358 | OS Command Injection vulnerability in Cisco Adaptive Security Appliance Software: A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. | local; low complexity; cisco CWE-78; 6.7 |
| 2024-04-24 | CVE-2024-20359 | Code Injection vulnerability in Cisco Adaptive Security Appliance Software: A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. | local; low complexity; cisco CWE-94; 6.0 |
| 2024-04-03 | CVE-2024-20334 | Cross-site Scripting vulnerability in Cisco Telepresence Management Suite 15.13.5/15.13.6: A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. | network; low complexity; cisco CWE-79; 5.4 |
| 2024-04-03 | CVE-2024-20347 | Unspecified vulnerability in Cisco Emergency Responder: A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. | network; low complexity; cisco; 6.5 |
| 2024-03-06 | CVE-2024-20292 | Cleartext Storage of Sensitive Information vulnerability in Cisco DUO Authentication for Windows Logon and RDP: A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. | local; low complexity; cisco CWE-312; 5.5 |
| 2024-03-06 | CVE-2024-20301 | Insufficient Session Expiration vulnerability in Cisco DUO Authentication for Windows Logon and RDP 4.2.2: A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. | low complexity; cisco CWE-613; 6.2 |
| 2024-02-29 | CVE-2024-20291 | Incorrect Authorization vulnerability in Cisco Nx-Os 9.3(10)/9.3(11)/9.3(12): A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. | network; low complexity; cisco CWE-863; 5.8 |
| 2024-01-26 | CVE-2024-20305 | Cross-site Scripting vulnerability in Cisco Unity Connection: A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | network; low complexity; cisco CWE-79; 4.8 |
| 2024-01-17 | CVE-2023-20257 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure: A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. | network; low complexity; cisco CWE-79; 4.8 |