Total
11433 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3280 | 1 Cisco | 1 Unified Contact Center Express | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device. | |||||
| CVE-2020-3272 | 1 Cisco | 1 Prime Network Registrar | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition. | |||||
| CVE-2020-3263 | 1 Cisco | 1 Webex Meetings | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system. If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system. | |||||
| CVE-2020-3262 | 1 Cisco | 4 5508 Wireless Controller, 5508 Wireless Controller Firmware, 5520 Wireless Controller and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition. | |||||
| CVE-2020-3257 | 1 Cisco | 16 1120 Connected Grid Router, 1240 Connected Grid Router, Ios and 13 more | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
| Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3252 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3251 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3250 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3249 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3248 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3247 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3244 | 1 Cisco | 4 Asr 5000, Asr 5500, Asr 5700 and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption. | |||||
| CVE-2020-3243 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3240 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 8.5 HIGH | 7.3 HIGH |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3239 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3238 | 1 Cisco | 1 Iox | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not affect the device that is hosting Cisco IOx. | |||||
| CVE-2020-3235 | 2 Cisco, Oracle | 7 Catalyst 4503-e, Catalyst 4506-e, Catalyst 4507r\+e and 4 more | 2024-11-21 | 6.3 MEDIUM | 7.7 HIGH |
| A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system. | |||||
| CVE-2020-3230 | 1 Cisco | 2 Ios, Ios Xe | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling of crafted IKEv2 SA-Init packets. An attacker could exploit this vulnerability by sending crafted IKEv2 SA-Init packets to the affected device. An exploit could allow the attacker to cause the affected device to reach the maximum incoming negotiation limits and prevent further IKEv2 security associations from being formed. | |||||
| CVE-2020-3228 | 1 Cisco | 8 Ios, Ios Xe, Nexus 1000v and 5 more | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker could exploit this vulnerability by sending specifically crafted SXP packets to the affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | |||||
| CVE-2020-3226 | 1 Cisco | 2 Ios, Ios Xe | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on received SIP messages. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service condition. | |||||