1098 matches found
CVE-2020-3518
Cisco Data Center Network Manager (DCNM) XSS (CVE-2020-3518) arises from improper validation in the web-based management interface. An authenticated, remote attacker could lure a user into clicking a crafted link, enabling arbitrary script execution in the affected interface or access to browser-...
CVE-2020-3522 Cisco Data Center Network Manager Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the...
Cisco Data Center Network Manager Multiple Vulnerabilities (Aug 2020)
According to its self-reported version, Cisco Data Center Network Manager is affected by multiple vulnerabilities. - A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an...
Cisco Prime Collaboration Provisioning Software SQL Injection (cisco-sa-pcp-sql-inj-22Auwt66)
According to its self-reported version, a vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. Please see the included Cisco BIDs and Cisco...
CVE-2020-3463
Summary of CVE-2020-3463 (Cisco Webex Meetings): A vulnerability in the web-based management interface allows an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack due to insufficient validation of user-supplied input. An attacker can lure a user to click a malicious...
Cisco Data Center Network Manager XSS (cisco-sa-dcnm-xss-3jkDLsLV)
According to its self-reported version, Cisco Data Center Network Manager is affected by a cross-site scripting (XSS) vulnerability in the web-based management interface due to a failure to properly validate user-supplied input. An unauthenticated, remote attacker can exploit this, by intercepting ...
Cisco Unified Communications Manager Cross-Site Scripting (cisco-sa-cucm-selfcare-drASc7sr)
According to its self-reported version, Cisco Unified Communications Manager is affected by a cross-site scripting vulnerability that could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficien...
CVE-2020-3374 Cisco SD-WAN vManage Software Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The...
Citrix ADC Reflected Cross Site Scripting (CVE-2020-8191)
A reflected cross-site scripting vulnerability exists in Citrix ADC and Citrix Gateway. The vulnerability is due to insufficient input validation in the web-based management interface. Successful exploitation could result in execution of arbitrary scripts on the affected system...
CVE-2020-3450
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted...
CVE-2020-3332
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input...
CVE-2020-3450 Cisco Vision Dynamic Signage Director SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted...
CVE-2020-3468 Cisco SD-WAN vManage Software SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL...
CVE-2020-3437 Cisco SD-WAN vManage Software Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this...
CVE-2020-3348 Cisco Data Center Network Manager Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient...
CVE-2020-3332 Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input...
CVE-2020-3150 Cisco Small Business RV110W and RV215W Series Routers Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper...
CVE-2020-3150
Cisco Small Business RV110W and RV215W Series Routers expose an information-disclosure vulnerability via the web-based management interface. The issue stems from improper HTTP request authorization, allowing an unauthenticated attacker to view sensitive data (including device configuration) by acc...