CVE-2022-20806 Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway and VCS could allow an attacker to write files or disclose sensitive information.

These vulnerabilities are documented in Cisco bug ID cisco-tags: CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-20 CVSSv3 - CWE-

CVE-2021: cURL With CWE-307 and CWE-416

CVE-2021: cURL With CWE-307 and CWE-416
CVE-2021: cURL With CWE-307 and CWE-416
CVE-2021: cURL With CWE-307 and CWE-416
CVE-2021: cURL With CWE-307 and CWE-416
CVE-2021: cURL With CWE-307 and CWE-416
CVE-2021: cURL With CWE-307 and CWE-416

CVE – Cisco Vulnerability Management (CVM)

The Cisco Vulnerability Management (CVM) tool is a web application used by the Cisco Security Operations Center (SOC) to identify vulnerabilities on Cisco products and manage scans.

CWE-20: Improper Input Validation

CWE-20: Improper Input Validation - A vulnerability in a software application that allows attackers to bypass the intended user input validation requirements by using information available within the system.

Timeline

Published on: 05/27/2022 14:15:00 UTC
Last modified on: 06/09/2022 14:13:00 UTC

References