9 matches found
CVE-2020-3598
CVE-2020-3598 affects Cisco Vision Dynamic Signage Director web-based management interface. An unauthenticated, remote attacker can access a portion of the interface due to missing authentication in a specific web UI section, by requesting a crafted URL. This could allow reading confidential info...
CVE-2020-3485
CVE-2020-3485 describes a vulnerability in the web management software of Cisco Vision Dynamic Signage Director’s RBAC. The issue arises from improper handling of RBAC in the web interface, enabling an authenticated, remote attacker to view and delete screen content they should not access via a c...
CVE-2019-16004
CVE-2019-16004 affects Cisco Vision Dynamic Signage Director; REST API endpoints permit an unauthenticated remote attacker to bypass authentication due to missing authentication on some API calls. Impact: attacker could interact with parts of the API. Affected software versions include releases p...
CVE-2020-3484
The CVE-2020-3484 issue affects Cisco Vision Dynamic Signage Director’s web-based management interface, caused by incorrect permissions in the Apache configuration. This allows an unauthenticated remote attacker to view potentially sensitive information on affected devices by sending a crafted HT...
CVE-2020-3490
The CVE-2020-3490 issue affects Cisco Vision Dynamic Signage Director. A vulnerability in the web-based management interface allows an authenticated, remote attacker with administrative privileges to perform directory traversal and read files on the underlying OS with root privileges due to impro...
CVE-2021-34742
Cisco Vision Dynamic Signage Director is affected by a reflected XSS in its web-based management interface due to insufficient validation of user-supplied input. An unauthenticated, remote attacker can lure a user to click a crafted link, potentially executing arbitrary script code in the interfa...
CVE-2020-3491
CVE-2020-3491 affects Cisco Vision Dynamic Signage Director Web Management Interface. The root cause is improper validation of user-supplied input in the web interface, enabling an authenticated, administrative user to perform a stored XSS attack against other interface users. Impact described ac...
CVE-2019-1917
Cisco Vision Dynamic Signage Director contains a REST API authentication bypass. A remote, unauthenticated attacker can craft HTTP requests to the REST API, due to insufficient validation, to bypass authentication and perform arbitrary actions with administrative privileges. The REST API is enabl...
CVE-2020-3450
Cisco Vision Dynamic Signage Director is affected by CVE-2020-3450 via the web-based management interface. The issue is a SQL injection caused by improper validation of user-submitted parameters, exploitable by an authenticated attacker with administrative credentials. Successful exploitation cou...