Filtered by vendor Cisco
Subscribe
Total
6072 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20729 | 1 Cisco | 1 Firepower Threat Defense | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted input in commands. A successful exploit could allow the attacker to inject XML into the command parser, which could result in unexpected processing of the command and unexpected command output. | |||||
| CVE-2022-20728 | 1 Cisco | 52 Aironet 1542d, Aironet 1542d Firmware, Aironet 1542i and 49 more | 2023-11-07 | N/A | 4.7 MEDIUM |
| A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed. | |||||
| CVE-2022-20726 | 1 Cisco | 3 Cgr1000 Compute Module, Ic3000 Industrial Compute Gateway, Ios | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20725 | 1 Cisco | 67 800m Integrated Services Router, 807 Industrial Integrated Services Router, 812 3g Integrated Services Router and 64 more | 2023-11-07 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20716 | 1 Cisco | 7 Catalyst Sd-wan Manager, Sd-wan, Sd-wan Solution and 4 more | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. | |||||
| CVE-2022-20714 | 1 Cisco | 3 Asr 9902, Asr 9903, Ios Xr | 2023-11-07 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of malformed packets that are received on the Lightspeed-Plus line cards. An attacker could exploit this vulnerability by sending a crafted IPv4 or IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the Lightspeed-Plus line card to reset, resulting in a denial of service (DoS) condition for any traffic that traverses that line card. | |||||
| CVE-2022-20712 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20711 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20710 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20709 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20707 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2023-11-07 | 7.5 HIGH | 7.3 HIGH |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20706 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2023-11-07 | 9.3 HIGH | 8.1 HIGH |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20705 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20704 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2023-11-07 | 5.8 MEDIUM | 4.8 MEDIUM |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20702 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2023-11-07 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20697 | 1 Cisco | 2 Ios, Ios Xe | 2023-11-07 | 6.8 MEDIUM | 8.6 HIGH |
| A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2022-20696 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vmanage | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload. | |||||
| CVE-2022-20695 | 1 Cisco | 34 3504 Wireless Controller, 5520 Wireless Controller, 8540 Wireless Controller and 31 more | 2023-11-07 | 9.3 HIGH | 10.0 CRITICAL |
| A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator. The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials. Note: This vulnerability exists because of a non-default device configuration that must be present for it to be exploitable. For details about the vulnerable configuration, see the Vulnerable Products section of this advisory. | |||||
| CVE-2022-20694 | 1 Cisco | 1 Ios Xe | 2023-11-07 | 7.1 HIGH | 6.8 MEDIUM |
| A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted RTR packet to an affected device. Alternatively, the attacker could use man-in-the-middle techniques to impersonate the RPKI validator server and send a crafted RTR response packet over the established RTR TCP connection to the affected device. A successful exploit could allow the attacker to cause a DoS condition because the BGP process could constantly restart and BGP routing could become unstable. | |||||
| CVE-2022-20693 | 1 Cisco | 1 Ios Xe | 2023-11-07 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. | |||||