Connected Mobile Experiences (CMX)
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | Hig | 0.65 | 7.5 | 1.00 | KEV | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |
| CVE-2021-1522 | 0.00 | — | 0.01 | Aug 4, 2021 | A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device.… | |||
| CVE-2021-1144 | 0.00 | — | 0.01 | Jan 13, 2021 | A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing… | |||
| CVE-2021-1143 | 0.00 | — | 0.01 | Jan 13, 2021 | A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could… | |||
| CVE-2020-3151 | 0.00 | — | 0.00 | Aug 26, 2020 | A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell… | |||
| CVE-2020-3152 | 0.00 | — | 0.00 | Aug 26, 2020 | A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an… | |||
| CVE-2019-1645 | 0.00 | — | 0.01 | Jan 24, 2019 | A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to… |
- risk 0.65cvss 7.5epss 1.00
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- CVE-2021-1522Aug 4, 2021risk 0.00cvss —epss 0.01
A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device.…
- CVE-2021-1144Jan 13, 2021risk 0.00cvss —epss 0.01
A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing…
- CVE-2021-1143Jan 13, 2021risk 0.00cvss —epss 0.01
A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could…
- CVE-2020-3151Aug 26, 2020risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell…
- CVE-2020-3152Aug 26, 2020risk 0.00cvss —epss 0.00
A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an…
- CVE-2019-1645Jan 24, 2019risk 0.00cvss —epss 0.01
A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to…