Filtered by vendor Cisco
Subscribe
Total
6480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3535 | 1 Cisco | 1 Webex Teams | 2023-11-07 | 7.2 HIGH | 8.4 HIGH |
| A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. The vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user’s account. | |||||
| CVE-2020-3588 | 1 Cisco | 1 Webex Meetings | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user. Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients. | |||||
| CVE-2020-3447 | 1 Cisco | 2 Content Security Management Appliance, Email Security Appliance | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive verbosity in certain log subscriptions. An attacker could exploit this vulnerability by accessing specific log files on an affected device. A successful exploit could allow the attacker to obtain sensitive log data, which may include user credentials. To exploit this vulnerability, the attacker would need to have valid credentials at the operator level or higher on the affected device. | |||||
| CVE-2020-3462 | 1 Cisco | 1 Data Center Network Manager | 2023-11-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database. | |||||
| CVE-2020-3376 | 1 Cisco | 1 Data Center Network Manager | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM. | |||||
| CVE-2020-3362 | 1 Cisco | 1 Network Services Orchestrator | 2023-11-07 | 1.9 LOW | 4.7 MEDIUM |
| A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only. | |||||
| CVE-2020-3412 | 1 Cisco | 1 Webex Meetings Online | 2023-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to insufficient authorization enforcement for the creation of scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to create a scheduled meeting template. A successful exploit could allow the attacker to create a scheduled meeting template that would belong to a user other than themselves. | |||||
| CVE-2020-3581 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2023-11-07 | 2.6 LOW | 6.1 MEDIUM |
| Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | |||||
| CVE-2020-3361 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site. | |||||
| CVE-2020-3470 | 1 Cisco | 21 C125 M5, C220 M5, C240 M5 and 18 more | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS). | |||||
| CVE-2020-3377 | 1 Cisco | 1 Data Center Network Manager | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM. | |||||
| CVE-2020-3450 | 1 Cisco | 1 Vision Dynamic Signage Director | 2023-11-07 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the web-based management interface and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data that is stored in the underlying database, including hashed user credentials. To exploit this vulnerability, an attacker would need valid administrative credentials. | |||||
| CVE-2020-3475 | 1 Cisco | 100 1100 Integrated Services Router, 1101 Integrated Services Router, 1109 Integrated Services Router and 97 more | 2023-11-07 | 5.5 MEDIUM | 8.1 HIGH |
| Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3545 | 1 Cisco | 10 Firepower 4110, Firepower 4112, Firepower 4115 and 7 more | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability. | |||||
| CVE-2020-3574 | 1 Cisco | 16 Ip Dect 210, Ip Dect 210 Firmware, Ip Dect 6825 and 13 more | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition. | |||||
| CVE-2020-3365 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directory permissions. An attacker could exploit this vulnerability by using capabilities that are not controlled by the role-based access control (RBAC) mechanisms of the software. A successful exploit could allow the attacker to overwrite files on an affected device. | |||||
| CVE-2020-3585 | 1 Cisco | 7 Adaptive Security Appliance Software, Firepower 1000, Firepower 1010 and 4 more | 2023-11-07 | 4.3 MEDIUM | 3.7 LOW |
| A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this vulnerability, an attacker must be able to perform both of the following actions: Capture TLS traffic that is in transit between clients and the affected device Actively establish a considerable number of TLS connections to the affected device | |||||
| CVE-2020-3478 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2023-11-07 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST API. A successful exploit could allow an attacker to overwrite and upload files, which could degrade the functionality of the affected system. | |||||
| CVE-2020-3529 | 1 Cisco | 3 Adaptive Security Appliance, Adaptive Security Appliance Software, Firepower Threat Defense | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient direct memory access (DMA) memory management during the negotiation phase of an SSL VPN connection. An attacker could exploit this vulnerability by sending a steady stream of crafted Datagram TLS (DTLS) traffic to an affected device. A successful exploit could allow the attacker to exhaust DMA memory on the device and cause a DoS condition. | |||||
| CVE-2020-3572 | 1 Cisco | 3 Adaptive Security Appliance, Adaptive Security Appliance Software, Firepower Threat Defense | 2023-11-07 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak when closing SSL/TLS connections in a specific state. An attacker could exploit this vulnerability by establishing several SSL/TLS sessions and ensuring they are closed under certain conditions. A successful exploit could allow the attacker to exhaust memory resources in the affected device, which would prevent it from processing new SSL/TLS connections, resulting in a DoS. Manual intervention is required to recover an affected device. | |||||