4.8
CVE-2024-20533 - Cisco IP Phone 6800, 7800, 8800, and 9800 Series with Multiplatform Firmware Stored Cross-Site Scri…
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users. This vulnerabi…
5.5
CVE-2024-20532 - Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppl…
5.5
CVE-2024-20531 - Cisco Identity Services Engine XML External Entity Injection Vulnerability
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker woul…
6.1
CVE-2024-20530 - Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An att…
5.5
CVE-2024-20529 - Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppl…
3.8
CVE-2024-20528 - Cisco Identity Services Engine Path Traversal Vulnerability
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials. This vulnerability is d…
5.5
CVE-2024-20527 - Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppl…
6.1
CVE-2024-20525 - Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An att…
5.4
CVE-2024-20514 - Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripti…
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vuln…
6.1
CVE-2024-20511 - Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us…