Latest Cisco Vulnerabilities

CVE-2024-20313
A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a den...
Cisco IOS XE=17.5.1
Cisco IOS XE=17.5.1a
Cisco IOS XE=17.6.1
Cisco IOS XE=17.6.1a
Cisco IOS XE=17.6.1w
Cisco IOS XE=17.6.1x
and 32 more
CVE-2024-20358
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authentica...
Cisco Adaptive Security Appliance Software=9.8.1
Cisco Adaptive Security Appliance Software=9.8.1.5
Cisco Adaptive Security Appliance Software=9.8.1.7
Cisco Adaptive Security Appliance Software=9.8.2
Cisco Adaptive Security Appliance Software=9.8.2.8
Cisco Adaptive Security Appliance Software=9.8.2.14
and 261 more
CVE-2024-20359
Cisco ASA and FTD Privilege Escalation Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
Cisco Adaptive Security Appliance Software=9.8.1
Cisco Adaptive Security Appliance Software=9.8.1.5
Cisco Adaptive Security Appliance Software=9.8.1.7
Cisco Adaptive Security Appliance Software=9.8.2
Cisco Adaptive Security Appliance Software=9.8.2.8
and 262 more
CVE-2024-20353
Cisco ASA and FTD Denial of Service Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
Cisco Adaptive Security Appliance Software=9.8.1
Cisco Adaptive Security Appliance Software=9.8.1.5
Cisco Adaptive Security Appliance Software=9.8.1.7
Cisco Adaptive Security Appliance Software=9.8.2
Cisco Adaptive Security Appliance Software=9.8.2.8
and 262 more
CVE-2024-20267
A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the ...
Cisco Nx-os=6.0\(2\)a3\(1\)
Cisco Nx-os=6.0\(2\)a3\(2\)
Cisco Nx-os=6.0\(2\)a3\(4\)
Cisco Nx-os=6.0\(2\)a4\(1\)
Cisco Nx-os=6.0\(2\)a4\(2\)
Cisco Nx-os=6.0\(2\)a4\(3\)
and 199 more
CVE-2024-20321
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an...
Cisco Nx-os=7.0\(3\)f1\(1\)
Cisco Nx-os=7.0\(3\)f2\(1\)
Cisco Nx-os=7.0\(3\)f2\(2\)
Cisco Nx-os=7.0\(3\)f3\(1\)
Cisco Nx-os=7.0\(3\)f3\(2\)
Cisco Nx-os=7.0\(3\)f3\(3\)
and 42 more
CVE-2023-40057
SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23477
SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23476
SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23478
SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23479
SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-20255
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CS...
Cisco Expressway Series collaboration gateways
Cisco Expressway<15.0
CVE-2024-20254
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF)...
Cisco Expressway Series collaboration gateways
Cisco Expressway<=15.0
CVE-2024-20252
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF)...
Cisco Expressway Series collaboration gateways
Cisco Expressway<=15.0
CVE-2024-20290
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due t...
Cisco Secure Endpoint<7.5.17
Cisco Secure Endpoint>=8.0.1.21160<8.2.3.30119
Cisco Secure Endpoint Private Cloud<3.8.0
Fedoraproject Fedora=38
Fedoraproject Fedora=39
ubuntu/clamav<1.0.5+dfsg-0ubuntu0.23.10.1
and 2 more
CVE-2024-20253
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vul...
Cisco Unified Communications Manager<12.5\(1\)su8
Cisco Unified Communications Manager>=14.0<14su3
Cisco Unified Communications Manager<12.5\(1\)su8
Cisco Unified Communications Manager>=14.0<14su3
Cisco Unified Communications Manager IM and Presence Service<12.5\(1\)su8
Cisco Unified Communications Manager IM and Presence Service>=14.0<14.0su3
and 6 more
CVE-2024-20263
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an ...
Cisco Cbs250-8t-d Firmware>=3.4<3.4.0.17
Cisco Cbs250-8t-d
Cisco Cbs250-8pp-d Firmware>=3.4<3.4.0.17
Cisco Cbs250-8pp-d
Cisco Cbs250-8t-e-2g Firmware>=3.4<3.4.0.17
Cisco Cbs250-8t-e-2g
and 280 more
CVE-2024-20305
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the inter...
Cisco Unity Connection<15.0
CVE-2024-20277
A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command in...
Cisco ThousandEyes Enterprise Agent<0.233.2
CVE-2024-20287
A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform co...
Cisco Wap371 Firmware
Cisco WAP371
CVE-2023-20260
A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vuln...
Cisco Evolved Programmable Network Manager<7.1.1
Cisco Prime Infrastructure<3.10.4
Cisco Prime Infrastructure=3.10.4
Cisco Prime Infrastructure=3.10.4-update_1
CVE-2023-20258
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This...
Cisco Evolved Programmable Network Manager<7.1.1
Cisco Prime Infrastructure<3.10.4
Cisco Prime Infrastructure=3.10.4
Cisco Prime Infrastructure=3.10.4-update_1
CVE-2023-20271
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL i...
Cisco Evolved Programmable Network Manager<7.1.1
Cisco Prime Infrastructure<3.10.4
Cisco Prime Infrastructure=3.10.4
Cisco Prime Infrastructure=3.10.4-update_1
CVE-2023-20257
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to ...
Cisco Evolved Programmable Network Manager<7.1.1
Cisco Prime Infrastructure<3.10.4
Cisco Prime Infrastructure=3.10.4
Cisco Prime Infrastructure=3.10.4-update_1
CVE-2024-20251
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack agains...
Cisco Identity Services Engine=1.0
Cisco Identity Services Engine=1.0.4
Cisco Identity Services Engine=1.1
Cisco Identity Services Engine=1.1.1
Cisco Identity Services Engine=1.1.2
Cisco Identity Services Engine=1.1.3
and 202 more
CVE-2024-20272
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on ...
Cisco Unity Connection<12.5.1.19017-4
Cisco Unity Connection>=14.0<14.0.1.14006-5
CVE-2024-20270
A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an authenticated, remote attacker to ...
Cisco BroadWorks Xtended Services Platform>=24.0.2023.01<24.0.2023.10
Cisco BroadWorks Xtended Services Platform>=25.0.2023.01<25.0.2023.10
Cisco BroadWorks Xtended Services Platform=23.0.2024.01
Cisco BroadWorks Application Delivery Platform>=24.0.2023.01<24.0.2023.10
Cisco BroadWorks Application Delivery Platform>=25.0.2023.01<25.0.2023.10
Cisco BroadWorks Application Delivery Platform=23.0.2024.01
CVE-2023-31488
Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow...
Cisco IronPort Email Security Appliance
Cisco Secure Email Gateway Firmware
Cisco Secure Email Gateway
CVE-2023-34064
Privilege Escalation Vulnerability
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 19 more
CVE-2023-20275
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to...
Cisco Adaptive Security Appliance Software=9.8.1
Cisco Adaptive Security Appliance Software=9.8.1.5
Cisco Adaptive Security Appliance Software=9.8.1.7
Cisco Adaptive Security Appliance Software=9.8.2
Cisco Adaptive Security Appliance Software=9.8.2.8
Cisco Adaptive Security Appliance Software=9.8.2.14
and 233 more
CVE-2023-35641
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008
Microsoft Windows 11=21H2
Microsoft Windows Server 2008
Microsoft Windows 10=21H2
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
and 69 more
CVE-2023-35628
Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 10=21H2
Microsoft Windows 11=22H2
Microsoft Windows 10=21H2
Microsoft Windows 10
Microsoft Windows 10=22H2
and 65 more
CVE-2023-36019
Microsoft Power Platform Connector Spoofing Vulnerability
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Azure Logic Apps<3.23113
Microsoft Power Platform<3.23113
Apple Webkit
Microsoft Power Platform
and 22 more
CVE-2023-35630
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows 10=1809
Microsoft Windows 10=1607
Microsoft Windows 10=1809
Microsoft Windows Server 2012
Microsoft Windows 11=22H2
and 70 more
CVE-2023-41678
Double free in cache management
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 30 more
CVE-2023-33106
Use of Out-of-range Pointer Offset in Graphics
Qualcomm Multiple Chipsets
Google Android
Google Android
Qualcomm Ar8035
Qualcomm Csra6620 Firmware
Google Android
and 325 more
CVE-2023-33107
Integer Overflow or Wraparound in Graphics Linux
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 503 more
CVE-2023-33063
Use After Free in DSP Services
Qualcomm Multiple Chipsets
Google Android
Qualcomm 315 5g Iot Modem Firmware
Qualcomm 315 5g Iot Modem
Google Android
Qualcomm Apq8017
and 581 more
CVE-2023-20241
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an af...
Cisco Anyconnect Secure Mobility Client=4.9.00086
Cisco Anyconnect Secure Mobility Client=4.9.01095
Cisco Anyconnect Secure Mobility Client=4.9.02028
Cisco Anyconnect Secure Mobility Client=4.9.03047
Cisco Anyconnect Secure Mobility Client=4.9.03049
Cisco Anyconnect Secure Mobility Client=4.9.04043
and 24 more
CVE-2023-20240
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an af...
Cisco Anyconnect Secure Mobility Client=4.9.00086
Cisco Anyconnect Secure Mobility Client=4.9.01095
Cisco Anyconnect Secure Mobility Client=4.9.02028
Cisco Anyconnect Secure Mobility Client=4.9.03047
Cisco Anyconnect Secure Mobility Client=4.9.03049
Cisco Anyconnect Secure Mobility Client=4.9.04043
and 24 more
CVE-2023-20084
A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability...
Cisco Secure Endpoint
Cisco Secure Endpoint=6.0.7
Cisco Secure Endpoint=6.0.9
Cisco Secure Endpoint=6.1.5
Cisco Secure Endpoint=6.1.7
Cisco Secure Endpoint=6.1.9
and 29 more
CVE-2023-20274
A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insuffi...
Cisco AppDynamics=21.2.7
Cisco AppDynamics=21.2.8
Cisco AppDynamics=21.4.0
Cisco AppDynamics=21.4.2
Cisco AppDynamics=21.4.3
Cisco AppDynamics=21.4.4
and 20 more
CVE-2023-20272
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This...
Cisco Identity Services Engine=3.0.0
Cisco Identity Services Engine=3.0.0-patch1
Cisco Identity Services Engine=3.0.0-patch2
Cisco Identity Services Engine=3.0.0-patch3
Cisco Identity Services Engine=3.0.0-patch4
Cisco Identity Services Engine=3.0.0-patch5
and 7 more
CVE-2023-20208
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web-based management interface of an aff...
Cisco Identity Services Engine=3.0.0
Cisco Identity Services Engine=3.0.0-patch1
Cisco Identity Services Engine=3.0.0-patch2
Cisco Identity Services Engine=3.0.0-patch3
Cisco Identity Services Engine=3.0.0-patch4
Cisco Identity Services Engine=3.0.0-patch5
and 9 more
CVE-2023-20265
A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a...
Cisco Ip Dect 110 Firmware<5.1.2sr1
Cisco Ip Dect 110
Cisco Ip Dect 210 Firmware<5.1.2sr1
Cisco Ip Dect 210
Cisco Unified Ip Phone 6901 Firmware>=9.0<9.3\(1\)sr3
Cisco Unified Ip Phone 6901
and 2 more
CVE-2023-20083
A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the CP...
Cisco Firepower Threat Defense>=6.2.3<=6.2.3.18
Cisco Firepower Threat Defense>=6.4.0<=6.4.0.17
Cisco Firepower Threat Defense>=6.6.0<=6.6.7.1
Cisco Firepower Threat Defense>=6.7.0<=6.7.0.3
Cisco Firepower Threat Defense>=7.0.0<=7.0.5
Cisco Firepower Threat Defense>=7.1.0<=7.1.0.3
and 2 more
CVE-2023-20267
A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuratio...
Cisco Firepower Threat Defense>=6.7.0<=7.3.1.1
CVE-2023-20247
A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker...
Cisco Adaptive Security Appliance Software=9.8.1
Cisco Adaptive Security Appliance Software=9.8.1.5
Cisco Adaptive Security Appliance Software=9.8.1.7
Cisco Adaptive Security Appliance Software=9.8.2
Cisco Adaptive Security Appliance Software=9.8.2.8
Cisco Adaptive Security Appliance Software=9.8.2.14
and 223 more
CVE-2023-20095
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker t...
Cisco Adaptive Security Appliance Software=9.8.1
Cisco Adaptive Security Appliance Software=9.8.1.5
Cisco Adaptive Security Appliance Software=9.8.1.7
Cisco Adaptive Security Appliance Software=9.8.2
Cisco Adaptive Security Appliance Software=9.8.2.8
Cisco Adaptive Security Appliance Software=9.8.2.14
and 171 more
CVE-2023-20246
Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. ...
Snort Snort>=3.0.0<3.1.57.0
Cisco Firepower Threat Defense>=7.0.0<=7.3.1.1
Cisco IOS XE>=17.12<17.12.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203