Skip to main content
CVE-2020-3387 HIGH POC THREAT This Week

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Sd Wan Firmware
NVD
CVSS 3.1
8.8
EPSS
13.0%
CVE-2020-13405 HIGH POC PATCH THREAT This Week

userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Microweber
NVD GitHub
CVSS 3.1
7.5
EPSS
13.7%
CVE-2020-3437 MEDIUM POC This Month

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Sd Wan Firmware
NVD
CVSS 3.1
6.5
EPSS
2.9%
CVE-2020-12007 CRITICAL Act Now

A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Mc Works Mc Works32 Energy Analytix +8
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-12011 CRITICAL Act Now

A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mc Works Mc Works32 +9
NVD
CVSS 3.1
9.8
EPSS
29.2%
CVE-2020-3357 CRITICAL Act Now

A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service RCE Rv340 Dual Wan Gigabit Vpn Router Firmware Rv340W Dual Wan Gigabit Wireless Ac Vpn Router Firmware +2
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-3331 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv110W Wireless N Vpn Firewall Firmware Rv215W Wireless N Vpn Router Firmware
NVD
CVSS 3.1
9.8
EPSS
42.7%
CVE-2020-3330 CRITICAL Act Now

A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Rv110W Wireless N Vpn Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-3323 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv110W Wireless N Vpn Firewall Firmware Rv130 Vpn Router Firmware +2
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2020-3144 CRITICAL Act Now

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Rv110W Firmware Rv130 Firmware Rv130W Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-3140 CRITICAL Act Now

A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Prime License Manager
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-15027 CRITICAL Act Now

ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Automate
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-14000 CRITICAL PATCH Act Now

MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Scratch Vm
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-12013 CRITICAL Act Now

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Mc Works32 Mc Works64 Energy Analytix +8
NVD
CVSS 3.1
9.1
EPSS
3.0%
CVE-2020-3381 HIGH This Week

A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Sd Wan Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-3332 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv110W Wireless N Vpn Firewall Firmware Rv130 Vpn Router Firmware Rv130W Wireless N Multifunction Vpn Router Firmware +1
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-3146 HIGH This Week

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv110W Wireless N Vpn Firewall Firmware Rv130 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-3145 HIGH This Week

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv110W Firmware Rv130 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-3358 HIGH This Week

A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Rv340 Dual Wan Gigabit Vpn Router Firmware Rv340W Dual Wan Gigabit Wireless Ac Vpn Router Firmware Rv345 Dual Wan Gigabit Vpn Router Firmware +1
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3351 HIGH This Week

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sd Wan Firmware Vedge Cloud Router Vsmart Controller
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-4462 HIGH This Week

IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Sterling External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
8.2
EPSS
3.2%
CVE-2020-3388 HIGH This Week

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Sd Wan Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3380 HIGH This Week

A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Data Center Network Manager
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-3379 HIGH This Week

A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Sd Wan Firmware Vbond Orchestrator Vsmart Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3180 HIGH This Week

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12015 HIGH This Week

A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Mc Works Mc Works32 Energy Analytix Facility Analytix +7
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-12009 HIGH This Week

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Mc Works Mc Works32 Energy Analytix Facility Analytix +7
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-3369 HIGH This Week

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sd Wan Firmware Vedge Cloud Router
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-3405 HIGH This Week

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE Sd Wan Firmware
NVD
CVSS 3.1
7.3
EPSS
1.3%
CVE-2020-3401 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Sd Wan Firmware
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-3385 MEDIUM This Month

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sd Wan Firmware Vedge Cloud Router
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-3372 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sd Wan Firmware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4095 MEDIUM This Month

"BigFix Platform is storing clear text credentials within the system's memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bigfix Platform
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2020-3150 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Authentication Bypass Rv110W Firmware Rv215W Firmware
NVD
CVSS 3.1
5.9
EPSS
1.5%
CVE-2020-3370 MEDIUM This Month

A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Email Security Appliance
NVD
CVSS 3.1
5.8
EPSS
1.3%
CVE-2020-3468 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Sd Wan Firmware
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-3406 MEDIUM This Month

A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Sd Wan Firmware
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-3197 MEDIUM This Month

A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Meeting Server
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-3450 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Vision Dynamic Signage Director
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2020-3349 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-3348 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-4316 MEDIUM PATCH This Month

IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Engineering Lifecycle Optimization Publishing
NVD
CVSS 3.1
4.7
EPSS
1.2%
CVE-2020-3378 MEDIUM This Month

A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Sd Wan Firmware
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-3345 MEDIUM This Month

A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Webex Meetings Server
NVD
CVSS 3.1
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy