CVE-2024-20377

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to the web-based management interface not...

CVE-2024-20275

A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to...

CVE-2024-20300 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient...

CVE-2024-20275

Cisco Secure Firewall Management Center (FMC) Software’s cluster backup feature is vulnerable due to insufficient validation of data from the web-based management interface. An authenticated user with Network Administrator privileges could trigger a near-user action (cluster backup) to cause the ...

Cisco Secure Firewall Management Center Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must...

Cisco Secure Firewall Management Center Software Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an...

Cisco Secure Firewall Management Center Software Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability ...

Cisco Secure Firewall Management Center Software Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating...

CVE-2024-20459

A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system. This vulnerability is...

CVE-2024-20512 Cisco Unified Contact Center Management Portal Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal Unified CCMP could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the...

CVE-2024-20437

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for...

CVE-2024-20488

Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME) are affected by a cross-site scripting (XSS) vulnerability in their web-based management interface. The issue stems from improper input validation, allowing an unauthenticated, remote atta...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user o...

CVE-2024-20454

CVE-2024-20454 affects Cisco Small Business SPA300 Series and SPA500 Series IP Phones. The web UI has multiple vulnerabilities allowing unauthenticated, remote execution of arbitrary commands with root privileges via crafted HTTP requests. The underlying cause is improper checking of incoming HTT...

CVE-2024-20479

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affect...

PT-2024-23222 · Privx · Privx

Name of the Vulnerable Software and Affected Versions: PrivX versions prior to 34.0 Description: The issue allows data exfiltration and denial of service via the REST API. Recommendations: For versions prior to 34.0, update to version 34.0 or later to resolve the issue. Alternatively, for earlier...

CVE-2024-20429

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...

CVE-2024-5947

Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...

Cisco Firepower Management Center Software SQL Injection (cisco-sa-fmc-sqli-WFFDnNOs)

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...

Cisco Firepower Management Center Software SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...