Latest CVE Feed
-
9.1
CRITICALCVE-2024-20519
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerabil... Read more
- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
9.1
CRITICALCVE-2024-20518
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerabil... Read more
- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
6.8
MEDIUMCVE-2024-20517
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a de... Read more
- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
6.8
MEDIUMCVE-2024-20516
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a de... Read more
- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
6.5
MEDIUMCVE-2024-20515
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data prot... Read more
Affected Products : identity_services_engine- Published: Oct. 02, 2024
- Modified: Aug. 05, 2025
-
6.7
MEDIUMCVE-2024-20492
A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the atta... Read more
- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
8.6
HIGHCVE-2024-20491
A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an interna... Read more
Affected Products : nexus_dashboard_fabric_controller nexus_dashboard_orchestrator nexus_dashboard_insights- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
8.6
HIGHCVE-2024-20490
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists bec... Read more
- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
5.4
MEDIUMCVE-2024-20477
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affe... Read more
- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
7.2
HIGHCVE-2024-20470
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit ... Read more
Affected Products : small_business_rv_series_router_firmware rv340_dual_wan_gigabit_vpn_router_firmware rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware rv345_dual_wan_gigabit_vpn_router_firmware rv345p_dual_wan_gigabit_poe_vpn_router_firmware rv340_dual_wan_gigabit_vpn_router rv340w_dual_wan_gigabit_wireless-ac_vpn_router rv345_dual_wan_gigabit_vpn_router rv345p_dual_wan_gigabit_poe_vpn_router- Published: Oct. 02, 2024
- Modified: Oct. 09, 2024
-
8.8
HIGHCVE-2024-20449
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker coul... Read more
- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
8.6
HIGHCVE-2024-20448
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the impr... Read more
- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
5.5
MEDIUMCVE-2024-20444
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected dev... Read more
- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
5.4
MEDIUMCVE-2024-20442
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization con... Read more
- Published: Oct. 02, 2024
- Modified: Oct. 07, 2024
-
6.5
MEDIUMCVE-2024-20441
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the af... Read more
- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
6.3
MEDIUMCVE-2024-20438
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API end... Read more
- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
9.9
CRITICALCVE-2024-20432
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due... Read more
- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
8.8
HIGHCVE-2024-20393
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability ex... Read more
Affected Products : small_business_rv_series_router_firmware rv340_dual_wan_gigabit_vpn_router_firmware rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware rv345_dual_wan_gigabit_vpn_router_firmware rv345p_dual_wan_gigabit_poe_vpn_router_firmware rv340_dual_wan_gigabit_vpn_router rv340w_dual_wan_gigabit_wireless-ac_vpn_router rv345_dual_wan_gigabit_vpn_router rv345p_dual_wan_gigabit_poe_vpn_router- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
5.9
MEDIUMCVE-2024-20385
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO ... Read more
Affected Products : nexus_dashboard_orchestrator- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024
-
7.2
HIGHCVE-2024-20365
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system an... Read more
Affected Products : unified_computing_system- Published: Oct. 02, 2024
- Modified: Oct. 08, 2024