• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-20940
Cisco, Firepower Threat Defense
Sd-wan_firmware, Vedge-100, Vedge-1000, Vedge-100b, Vedge-2000, Vedge-5000, Vedge_100m, Vedge_100wm, Hyperflex_hx220c_m5_firmware, Hyperflex_hx220c_m5
2022-11-22
N/A
5.3 MEDIUM
A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption policies. An attacker could exploit this vulnerability by sending crafted TLS messages to an affected device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device.
CVE-2022-2094
2023-02-18
N/A
6.1 MEDIUM
The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting
CVE-2022-20938
Cisco, Firepower Management Center
Sd-wan_firmware, Vedge-100, Vedge-1000, Vedge-100b, Vedge-2000, Vedge-5000, Vedge_100m, Vedge_100wm, Hyperflex_hx220c_m5_firmware, Hyperflex_hx220c_m5
2022-11-21
N/A
4.3 MEDIUM
A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed.
CVE-2022-20937
2022-11-07
N/A
5.3 MEDIUM
A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability.
CVE-2022-20936
2022-11-18
N/A
4.8 MEDIUM
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.
CVE-2022-20935
2022-11-18
N/A
4.8 MEDIUM
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.
CVE-2022-20934
Cisco, Firepower Threat Defense
Sd-wan_firmware, Vedge-100, Vedge-1000, Vedge-100b, Vedge-2000, Vedge-5000, Vedge_100m, Vedge_100wm, Hyperflex_hx220c_m5_firmware, Hyperflex_hx220c_m5
2022-11-29
N/A
6.7 MEDIUM
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials.
CVE-2022-20933
2022-10-31
N/A
8.6 HIGH
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability.
CVE-2022-20932
2022-11-18
N/A
4.8 MEDIUM
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.
CVE-2022-20930
2022-10-05
N/A
6.7 MEDIUM
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.
« Previous 1 … 10,807 10,808 10,809 10,810 10,811 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE