CVE-2024-20458 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication o...

CVE-2024-20458 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication o...

CVE-2024-20420

The CVE-2024-20420 entry concerns Cisco ATA 190 Series Analog Telephone Adapter firmware. The web-based management interface contains an HTTP server authorization verification flaw that could allow an authenticated, low-privilege remote attacker to execute commands with Admin privileges. Document...

CVE-2024-20420 Cisco ATA 190 Series Analog Telephone Adapter Firmware Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server...

CVE-2024-20420 Cisco ATA 190 Series Analog Telephone Adapter Firmware Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server...

CVE-2024-20520

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...

CVE-2024-20524 Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service DoS condition. To exploit...

CVE-2024-20520 Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...

CVE-2024-20519 Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...

CVE-2024-20517 Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service DoS condition. To exploit...

CVE-2024-20470 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have...

CVE-2024-20441 Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could...

CVE-2024-20393 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interfa...

Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation and Remote Command Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges and execute arbitrary commands on the underlying operating system of an affected...

CVE-2024-20437

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for...

CVE-2024-20437

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for...

CVE-2024-20486

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF...

CVE-2024-20466 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value...

Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value...

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF...