1098 matches found
Cisco Identity Services Engine XSS (cisco-sa-ise-auth-bypass-BBRf7mkE)
According to its self-reported version, Cisco Identity Services Engine is affected by a vulnerability in the web-based management interface of Cisco ISE which could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. Note that Nessus has not tested...
Cisco Prime Infrastructure XSS (cisco-sa-epnmpi-sxss-yyf2zkXs)
The version of Cisco Prime Infrastructure installed on the remote host is 3.10.x prior to 3.10.6. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote...
Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems
Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVSS score: 10.0), the vulnerability...
CVE-2024-20507
A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based management interface of...
CVE-2024-20525
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An...
CVE-2024-20511
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user o...
CVE-2024-20530 Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An...
CVE-2024-20514 Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This...
CVE-2024-20507 Cisco Meeting Management Information Disclosure Vulnerability
A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based management interface of...
CVE-2024-20507
Cisco CVE-2024-20507 affects Cisco Meeting Management (and related Cisco Meeting Server) where an attacker with authenticated access to the web management interface can view sensitive information stored on the device due to improper storage in the logging subsystem. The issue is identified as an ...
CVE-2024-10381 Authentication Bypass Vulnerability in Matrix Door Controller
This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request on the vulnerable device. Successful...
CVE-2024-20482
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must...
CVE-2024-20372
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to...
CVE-2024-20387
A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An...
CVE-2024-20386
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to...
CVE-2024-20377
CVE-2024-20377 concerns Cisco Firepower Management Center (FMC) web-based management interface. A stored XSS vulnerability arises from improper validation of user-supplied input, enabling an authenticated, remote attacker to lure a user into clicking a crafted link, which could execute arbitrary ...
CVE-2024-20463
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing state changes in GET...
CVE-2024-20462 Cisco ATA 190 Series Analog Telephone Adapter Multiplatform Firmware Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML conte...
CVE-2024-20459
The CVE-2024-20459 entry applies to Cisco ATA 190 Multiplatform Series analog telephone adapters. The issue stems from a lack of input sanitization in the web-based management interface, enabling an authenticated, high-privilege attacker to execute arbitrary commands on the underlying OS as root ...
CVE-2024-20459 Cisco ATA 190 Series Analog Telephone Adapter Multiplatform Firmware Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system. This vulnerability is...