Vulnerabilities > Cisco > Vision Dynamic Signage Director

DATE CVE VULNERABILITY TITLE RISK
2021-10-06 CVE-2021-34742 Cross-site Scripting vulnerability in Cisco Vision Dynamic Signage Director
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device.
network
low complexity
cisco CWE-79
6.1
2020-10-08 CVE-2020-3598 Missing Authentication for Critical Function vulnerability in Cisco Vision Dynamic Signage Director
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes.
network
low complexity
cisco CWE-306
6.5
2020-09-23 CVE-2019-16004 Missing Authentication for Critical Function vulnerability in Cisco Vision Dynamic Signage Director
A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device.
network
low complexity
cisco CWE-306
6.5
2020-08-26 CVE-2020-3491 Cross-site Scripting vulnerability in Cisco Vision Dynamic Signage Director 6.2.0
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device.
network
low complexity
cisco CWE-79
4.8
2020-08-26 CVE-2020-3490 Path Traversal vulnerability in Cisco Vision Dynamic Signage Director 6.2.0
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system.
network
low complexity
cisco CWE-22
4.9
2020-08-26 CVE-2020-3485 Incorrect Default Permissions vulnerability in Cisco Vision Dynamic Signage Director 6.2.0
A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform.
network
low complexity
cisco CWE-276
6.3
2020-08-26 CVE-2020-3484 Incorrect Default Permissions vulnerability in Cisco Vision Dynamic Signage Director 6.2(0)
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device.
network
low complexity
cisco CWE-276
5.3
2020-07-16 CVE-2020-3450 SQL Injection vulnerability in Cisco Vision Dynamic Signage Director
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
4.9
2019-07-17 CVE-2019-1917 Improper Authentication vulnerability in Cisco Vision Dynamic Signage Director
A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system.
network
low complexity
cisco CWE-287
critical
9.8