11 matches found
CVE-2024-20333
A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An...
CVE-2023-20073 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...
CVE-2020-3478 Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...
CVE-2020-3478 Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...
CVE-2020-3413
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for request...
Cisco Webex Meetings Scheduled Meeting Template Creation (cisco-sa-webex-smtcreate-YmuD5Sk)
According to its self-reported version, Cisco Webex Meetings is affected by a vulnerability in the scheduled meeting template feature due to insufficient authorization enforcement for the creation of scheduled meeting templates. An authenticated, remote attacker can exploit this, by sending a...
Authorization
A vulnerability in the API subsystem of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit...
CVE-2019-1863
Cisco IMC Privilege Escalation (CVE-2019-1863) affects the web-based management interface of Cisco Integrated Management Controller. The root cause is insufficient authorization enforcement, allowing an authenticated user with read-only privileges to change critical configurations with administra...
CVE-2019-1625 Cisco SD-WAN Solution Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by...
CVE-2019-1603
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the...
Authorization
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could...