Vendor CVEs
Cisco Systems, Inc.
All CVEs
7,236 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-34750 | 0.00 | — | 0.00 | Nov 15, 2024 | A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an… | |||
| CVE-2022-20626 | 0.00 | — | 0.00 | Nov 15, 2024 | A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The attacker would require valid credentials for the… | |||
| CVE-2022-20631 | 0.00 | — | 0.01 | Nov 15, 2024 | A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not… | |||
| CVE-2022-20654 | 0.00 | — | 0.01 | Nov 15, 2024 | A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of… | |||
| CVE-2022-20634 | 0.00 | — | 0.01 | Nov 15, 2024 | A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to… | |||
| CVE-2022-20657 | 0.00 | — | 0.01 | Nov 15, 2024 | A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. This vulnerability exists because the web-based management… | |||
| CVE-2022-20663 | 0.00 | — | 0.00 | Nov 15, 2024 | A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is… | |||
| CVE-2022-20685 | 0.00 | — | 0.01 | Nov 15, 2024 | A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An… | |||
| CVE-2022-20656 | 0.00 | — | 0.02 | Nov 15, 2024 | A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the… | |||
| CVE-2022-20793 | 0.00 | — | 0.00 | Nov 15, 2024 | A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to… | |||
| CVE-2022-20814 | 0.00 | — | 0.01 | Nov 15, 2024 | A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server… | |||
| CVE-2022-20846 | 0.00 | — | 0.01 | Nov 15, 2024 | A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This vulnerability is due to a heap buffer… | |||
| CVE-2022-20849 | 0.00 | — | 0.00 | Nov 15, 2024 | A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continually crash. This vulnerability exists because the PPPoE feature does not… | |||
| CVE-2022-20931 | 0.00 | — | 0.00 | Nov 15, 2024 | A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version… | |||
| CVE-2022-20853 | 0.00 | — | 0.01 | Nov 15, 2024 | A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF… | |||
| CVE-2022-20871 | 0.00 | — | 0.02 | Nov 15, 2024 | A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This… | |||
| CVE-2022-20939 | 0.00 | — | 0.01 | Nov 15, 2024 | A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An… | |||
| CVE-2023-20004 | 0.00 | — | 0.00 | Nov 15, 2024 | Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the… | |||
| CVE-2023-20039 | 0.00 | — | 0.00 | Nov 15, 2024 | A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing… | |||
| CVE-2023-20060 | 0.00 | — | 0.01 | Nov 15, 2024 | A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management… | |||
| CVE-2023-20090 | 0.00 | — | 0.00 | Nov 15, 2024 | A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by… | |||
| CVE-2023-20091 | 0.00 | — | 0.00 | Nov 15, 2024 | A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file… | |||
| CVE-2023-20092 | 0.00 | — | 0.00 | Nov 15, 2024 | Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the… | |||
| CVE-2023-20093 | 0.00 | — | 0.00 | Nov 15, 2024 | Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the… | |||
| CVE-2023-20094 | 0.00 | — | 0.00 | Nov 15, 2024 | A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device. This vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this… | |||
| CVE-2023-20154 | 0.00 | — | 0.01 | Nov 15, 2024 | A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned… | |||
| CVE-2024-20373 | 0.00 | — | 0.01 | Nov 15, 2024 | A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it… | |||
| CVE-2024-20540 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This… | |||
| CVE-2024-20539 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate… | |||
| CVE-2024-20538 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate… | |||
| CVE-2024-20537 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator… | |||
| CVE-2024-20536 | 0.00 | — | 0.01 | Nov 6, 2024 | A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is… | |||
| CVE-2024-20534 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against… | |||
| CVE-2024-20533 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against… | |||
| CVE-2024-20532 | 0.00 | — | 0.01 | Nov 6, 2024 | A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient… | |||
| CVE-2024-20531 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this… | |||
| CVE-2024-20530 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate… | |||
| CVE-2024-20529 | 0.00 | — | 0.01 | Nov 6, 2024 | A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient… | |||
| CVE-2024-20528 | 0.00 | — | 0.01 | Nov 6, 2024 | A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials. … | |||
| CVE-2024-20527 | 0.00 | — | 0.01 | Nov 6, 2024 | A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient… | |||
| CVE-2024-20525 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate… | |||
| CVE-2024-20514 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the… | |||
| CVE-2024-20511 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)… | |||
| CVE-2024-20507 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based… | |||
| CVE-2024-20504 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a… | |||
| CVE-2024-20487 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based… | |||
| CVE-2024-20484 | 0.00 | — | 0.01 | Nov 6, 2024 | A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient… | |||
| CVE-2024-20457 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the… | |||
| CVE-2024-20445 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage… | |||
| CVE-2024-20476 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator… |