8 matches found
CVE-2022-20663
CVE-2022-20663 affects Cisco Secure Network Analytics (formerly Stealthwatch Enterprise). The issue is a cross-site scripting (XSS) vulnerability in the web-based management interface caused by insufficient validation of user-supplied input, exploitable when a user clicks a crafted link. An unaut...
CVE-2023-20102
CVE-2023-20102 affects Cisco Secure Network Analytics (SNAN) via the web-based management interface. The issue arises from insufficient sanitization of user-supplied data parsed into system memory, allowing an authenticated, remote attacker to execute arbitrary code on the underlying OS as the ad...
CVE-2022-20797
CVE-2022-20797 is a remote command execution vulnerability in the web-based management interface of Cisco Secure Network Analytics (formerly Cisco Stealthwatch Enterprise). It arises from insufficient input validation in the web UI, allowing an authenticated, remote attacker to inject commands an...
CVE-2022-20741
CVE-2022-20741 concerns the web-based management interface of Cisco Secure Network Analytics (Network Diagrams application). The issue is a cross-site scripting (XSS) vulnerability arising from insufficient validation of user-supplied input in the interface. An authenticated, remote attacker coul...
CVE-2025-20257
Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager are affected by CVE-2025-20257. The issue stems from insufficient authorization enforcement on a specific API, allowing an authenticated, low-privilege user to perform crafted API calls and generate fraudule...
CVE-2025-20256
CVE-2025-20256 affects Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager. The issue is in the web-based management interface, caused by insufficient input validation in specific fields. An authenticated administrator can send crafted input to an affected de...
CVE-2025-20178
CVE-2025-20178 affects Cisco Secure Network Analytics (web-based management interface). An authenticated attacker with valid administrative credentials can restore a malicious backup file to the device, exploiting insufficient integrity checks in device backups to obtain shell access as root on t...
CVE-2023-20103
Cisco Secure Network Analytics (Stealthwatch) remote code execution (CVE-2023-20103) arises from insufficient validation of input on the web interface, enabling an authenticated attacker to upload a crafted file and execute code as root on an affected device. The attack requires valid Administrat...