VYPR

Connected Mobile Experiences (CMX)

by Cisco Systems, Inc.

CVEs (7)

  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2021-1522Aug 4, 2021
    risk 0.00cvss epss 0.01

    A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device.…

  • CVE-2021-1144Jan 13, 2021
    risk 0.00cvss epss 0.01

    A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing…

  • CVE-2021-1143Jan 13, 2021
    risk 0.00cvss epss 0.01

    A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could…

  • CVE-2020-3151Aug 26, 2020
    risk 0.00cvss epss 0.00

    A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell…

  • CVE-2020-3152Aug 26, 2020
    risk 0.00cvss epss 0.00

    A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an…

  • CVE-2019-1645Jan 24, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to…