Cisco Vulnerabilities
Comprehensive security vulnerability database for Cisco products
3
0
3
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2024-20340 | 6.5 | An attacker with a valid account on the Cisco Secure Firewall Management Center can exploit a vulnerability in its web interface to perform an SQL injection, allowing them to read sensitive database information and gain limited access to the underlying operating system. This requires the attacker to have specific roles like Security Approver or Network Admin, making it a targeted threat. | ciscosecure firewall management center | Exploit Available | over 1 year agoOct 23, 2024 |
| CVE-2024-20358 | 6.7 | An attacker with administrator-level access could exploit a flaw in Cisco's security software to run any command on the device's operating system with full control. This is possible because the system doesn't properly check the contents of backup files when they are restored, allowing a maliciously crafted backup to be used for the attack. | ciscoadaptive security appliance software | Exploit Available | almost 2 years agoApr 24, 2024 |
| CVE-2022-20775 | 7.8 | An attacker with local access to the Cisco SD-WAN Software can run specially crafted commands to gain root-level control of the system, allowing them to execute any command they want. This vulnerability requires the attacker to be authenticated and have access to the command line interface. | ciscocatalyst sd-wan manager | Exploit Available | over 3 years agoSep 30, 2022 |
About Cisco Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Cisco products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.