CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-20039 – Cisco Industrial Network Director File Permissions
https://notcve.org/view.php?id=CVE-2023-20039
15 Nov 2024 — A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the application data directory. A successful exploit could allow the attacker to view sensitive information. Cisco has released software updates that address this vulnerability. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.4EPSS: 0%CPEs: 15EXPL: 0CVE-2023-20060 – Cisco Prime Collaboration Deployment Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2023-20060
15 Nov 2024 — A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary scri... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pcd-xss-jDXpjm7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20090 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-20090
15 Nov 2024 — A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf • CWE-27: Path Traversal: 'dir/../../filename' •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20091 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2023-20091
15 Nov 2024 — A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affe... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20092 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2023-20092
15 Nov 2024 — Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary file... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20093 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2023-20093
15 Nov 2024 — Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary file... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20094 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-20094
15 Nov 2024 — A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device. This vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information. Note: This vulnerability only affects Cisco Webex Desk H... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf • CWE-125: Out-of-bounds Read •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20125 – Cisco BroadWorks Network Server TCP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-20125
15 Nov 2024 — A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate limiting does not occur for certain incoming TCP connections. An attacker could exploit this vulnerability by sending a high rate of TCP connections to the server. A successful exploit could allow the attacker to cause TCP connection resources to grow rapidly until the Cisco B... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-tcp-dos-KEdJCxLs • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20154 – Cisco Modeling Labs External Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-20154
15 Nov 2024 — A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned by the associated external authentication server. An attacker could exploit this vulnerability by logging in to the web interface of an affected server. Under certain conditions, the authentication mechanism would be bypassed and the a... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cml-auth-bypass-4fUCCeG5 • CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 5.3EPSS: 0%CPEs: 20EXPL: 0CVE-2024-20373 – Cisco IOS and Cisco IOS XE SNMP Extended ACL Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-20373
15 Nov 2024 — A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. This vulnerability exists because Cisco IOS Software and Cisco IOS XE Software do not support extended IPv4 ACLs for SNMP, but they do allow administrators to configure extended named IPv4 A... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww • CWE-284: Improper Access Control •