cisco-sa-Expressway-8J3yZ7hV
Cisco PSIRTCRITICAL2020-11-18
Cisco Expressway Software TURN Server Configuration Issue
CVEs:CVE-2020-3482
Affected products
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-209614 | affected | Cisco | — | — |
Every advisory below is enriched with the Vulnetix VDB exploit-intelligence chip (hover a CVE ID in the interactive page to see CVSS, EPSS, KEV status, and PoC maturity). 1 is already weaponised in the wild — see the Exploited section.
Cisco Expressway Software TURN Server Configuration Issue
CVEs:CVE-2020-3482
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-209614 | affected | Cisco | — | — |
Cisco IoT Field Network Director Missing API Authentication Vulnerability
CVEs:CVE-2020-3392
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227605 | affected | Cisco | — | — |
Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability
CVEs:CVE-2020-26072
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227605 | affected | Cisco | — | — |
Cisco IoT Field Network Director Unauthenticated REST API Vulnerability
CVEs:CVE-2020-3531
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227605 | affected | Cisco | — | — |
Cisco IoT Field Network Director Improper Access Control Vulnerability
CVEs:CVE-2020-26077
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227605 | affected | Cisco | — | — |
Cisco IoT Field Network Director File Overwrite Vulnerability
CVEs:CVE-2020-26078
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227605 | affected | Cisco | — | — |
Cisco IoT Field Network Director Unprotected Storage of Credentials Vulnerability
CVEs:CVE-2020-26079
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227605 | affected | Cisco | — | — |
Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability
CVEs:CVE-2020-26075
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227605 | affected | Cisco | — | — |
Cisco IoT Field Network Director Information Disclosure Vulnerability
CVEs:CVE-2020-26076
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227605 | affected | Cisco | — | — |
Cisco IoT Field Network Director Improper Domain Access Control Vulnerability
CVEs:CVE-2020-26080
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227605 | affected | Cisco | — | — |
Cisco IoT Field Network Director Cross-Site Scripting Vulnerabilities
CVEs:CVE-2020-26081
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227605 | affected | Cisco | — | — |
Cisco DNA Spaces Connector Command Injection Vulnerability
CVEs:CVE-2020-3586
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-271288 | affected | Cisco | — | — |
Cisco Telepresence CE Software and RoomOS Software Unauthorized Token Generation Vulnerability
CVEs:CVE-2020-26068
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-278404 | affected | Cisco | — | — |
Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities
CVEs:CVE-2020-3470
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-191638 | affected | Cisco | — | — |
| CVRFPID-201970 | affected | Cisco | — | — |
Cisco Webex Meetings and Cisco Webex Meetings Server Ghost Join Vulnerability
CVEs:CVE-2020-3419
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-190702 | affected | Cisco | — | — |
| CVRFPID-228295 | affected | Cisco | — | — |
Cisco Webex Meetings and Cisco Webex Meetings Server Unauthorized Audio Information Exposure Vulnerability
CVEs:CVE-2020-3471
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-190702 | affected | Cisco | — | — |
| CVRFPID-228295 | affected | Cisco | — | — |
Cisco Webex Meetings and Cisco Webex Meetings Server Information Disclosure Vulnerability
CVEs:CVE-2020-3441
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-190702 | affected | Cisco | — | — |
| CVRFPID-228295 | affected | Cisco | — | — |
Cisco Webex Meetings API Cross-Site Scripting Vulnerability
CVEs:CVE-2020-27126
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-228295 | affected | Cisco | — | — |
Cisco Secure Web Appliance Privilege Escalation Vulnerability
CVEs:CVE-2020-3367
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-189789 | affected | Cisco | — | — |
Cisco Security Manager Java Deserialization Vulnerabilities
CVEs:CVE-2020-27131
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-79783 | affected | Cisco | — | — |
Cisco Security Manager Path Traversal Vulnerability
CVEs:CVE-2020-27130
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-79783 | affected | Cisco | — | — |
Cisco Security Manager Static Credential Vulnerability
CVEs:CVE-2020-27125
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-79783 | affected | Cisco | — | — |
Cisco IOS XR Software Slow Path Forwarding Denial of Service Vulnerability
CVEs:CVE-2020-26070
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-5834 | affected | Cisco | — | — |
Cisco Integrated Management Controller Command Injection Vulnerability
CVEs:CVE-2020-3371
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-191638 | affected | Cisco | — | — |
| CVRFPID-201970 | affected | Cisco | — | — |
Cisco AnyConnect Secure Mobility Client for Windows Arbitrary File Read Vulnerability
CVEs:CVE-2020-27123
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-109810 | affected | Cisco | — | — |
Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability
CVEs:CVE-2020-3556
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-109810 | affected | Cisco | — | — |
Cisco SD-WAN Software Packet Filtering Bypass Vulnerability
CVEs:CVE-2020-3444
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-238692 | affected | Cisco | — | — |
Cisco Integrated Management Controller Authorization Bypass Vulnerability
CVEs:CVE-2020-26063
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-112776 | affected | Cisco | — | — |
Cisco Integrated Management Controller Username Enumeration Vulnerability
CVEs:CVE-2020-26062
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-112776 | affected | Cisco | — | — |
Cisco Edge Fog Fabric Resource Exposure Vulnerability
CVEs:CVE-2020-26084
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-280416 | affected | Cisco | — | — |
Cisco Email Security Appliance Zip Content Filter Bypass Vulnerability
CVEs:CVE-2020-26082
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-189790 | affected | Cisco | — | — |
Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability
CVEs:CVE-2020-27121
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-189784 | affected | Cisco | — | — |
Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability
CVEs:CVE-2020-3284
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-5834 | affected | Cisco | — | — |
Cisco Identity Services Engine Privilege Escalation Vulnerability
CVEs:CVE-2020-27122
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-111903 | affected | Cisco | — | — |
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
CVEs:CVE-2020-3551
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-111903 | affected | Cisco | — | — |
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
CVEs:CVE-2020-26083
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-111903 | affected | Cisco | — | — |
Cisco TelePresence Collaboration Endpoint Software Information Disclosure Vulnerability
CVEs:CVE-2020-26086
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-278404 | affected | Cisco | — | — |
Cisco SD-WAN Software Privilege Escalation Vulnerability
CVEs:CVE-2020-3595
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-238692 | affected | Cisco | — | — |
| CVRFPID-271450 | affected | Cisco | — | — |
| CVRFPID-278041 | affected | Cisco | — | — |
| CVRFPID-278078 | affected | Cisco | — | — |
| CVRFPID-278124 | affected | Cisco | — | — |
Cisco SD-WAN Software Privilege Escalation Vulnerability
CVEs:CVE-2020-3593
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-238692 | affected | Cisco | — | — |
| CVRFPID-271450 | affected | Cisco | — | — |
| CVRFPID-278041 | affected | Cisco | — | — |
| CVRFPID-278078 | affected | Cisco | — | — |
| CVRFPID-278124 | affected | Cisco | — | — |
Cisco SD-WAN Software Privilege Escalation Vulnerability
CVEs:CVE-2020-3600
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-238692 | affected | Cisco | — | — |
| CVRFPID-271450 | affected | Cisco | — | — |
| CVRFPID-278041 | affected | Cisco | — | — |
| CVRFPID-278078 | affected | Cisco | — | — |
| CVRFPID-278124 | affected | Cisco | — | — |
Cisco SD-WAN Software Privilege Escalation Vulnerability
CVEs:CVE-2020-3594
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-238692 | affected | Cisco | — | — |
| CVRFPID-271450 | affected | Cisco | — | — |
| CVRFPID-278041 | affected | Cisco | — | — |
| CVRFPID-278078 | affected | Cisco | — | — |
| CVRFPID-278124 | affected | Cisco | — | — |
Cisco SD-WAN vManage Software Directory Traversal Vulnerability
CVEs:CVE-2020-26073
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-271450 | affected | Cisco | — | — |
Cisco SD-WAN vManage Software Privilege Escalation Vulnerability
CVEs:CVE-2020-26074
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-271450 | affected | Cisco | — | — |
Cisco SD-WAN vManage Software Arbitrary File Creation Vulnerability
CVEs:CVE-2020-27128
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-271450 | affected | Cisco | — | — |
Cisco SD-WAN vManage Software Command Injection Vulnerability
CVEs:CVE-2020-27129
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-271450 | affected | Cisco | — | — |
Cisco SD-WAN vManage Software Path Traversal Vulnerability
CVEs:CVE-2020-26065
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-271450 | affected | Cisco | — | — |
Cisco SD-WAN vManage Software Authorization Bypass Vulnerability
CVEs:CVE-2020-3592
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-271450 | affected | Cisco | — | — |
Cisco SD-WAN vManage Software XML External Entity Vulnerability
CVEs:CVE-2020-26064
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-271450 | affected | Cisco | — | — |
Cisco SD-WAN vManage Software XML External Entity Vulnerability
CVEs:CVE-2020-26066
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-271450 | affected | Cisco | — | — |
Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability
CVEs:CVE-2020-3590
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-271450 | affected | Cisco | — | — |
Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability
CVEs:CVE-2020-3587
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-271450 | affected | Cisco | — | — |
Cisco SD-WAN vManage Cross-Site Scripting Vulnerability
CVEs:CVE-2020-3591
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-271450 | affected | Cisco | — | — |
Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability
CVEs:CVE-2020-3579
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-271450 | affected | Cisco | — | — |
Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability
CVEs:CVE-2020-3574
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-277607 | affected | Cisco | — | — |
| CVRFPID-278888 | affected | Cisco | — | — |
Cisco SD-WAN Software Arbitrary File Creation Vulnerability
CVEs:CVE-2020-26071
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-271450 | affected | Cisco | — | — |
| CVRFPID-278041 | affected | Cisco | — | — |
| CVRFPID-278078 | affected | Cisco | — | — |
| CVRFPID-278124 | affected | Cisco | — | — |
Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
CVEs:CVE-2020-3573CVE-2020-3603CVE-2020-3604
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-278014 | affected | Cisco | — | — |
Cisco Webex Teams Web Interface Cross-Site Scripting Vulnerability
CVEs:CVE-2020-26067
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-210403 | affected | Cisco | — | — |
Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability
CVEs:CVE-2020-3588
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-279336 | affected | Cisco | — | — |
Every CVE above is indexed in the Vulnetix VDB with KEV, EPSS, and PoC maturity. The interactive page surfaces that on hover.