This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2021-1498
Vendor: Cisco
Product: HyperFlex HX
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2018-0171
Vendor: Cisco
Product: IOS and IOS XE
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-3118
Vendor: Cisco
Product: IOS XR
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-3566
Vendor: Cisco
Product: IOS XR
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-3569
Vendor: Cisco
Product: IOS XR
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-3161
Vendor: Cisco
Product: Cisco IP Phones
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-1653
Vendor: Cisco
Product: Small Business RV320 and RV325 Routers
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2018-0296
Vendor: Cisco
Product: Adaptive Security Appliance (ASA)
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-13608
Vendor: Citrix
Product: StoreFront Server
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-8193
Vendor: Citrix
Product: Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-8195
Vendor: Citrix
Product: Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-8196
Vendor: Citrix
Product: Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-19781
Vendor: Citrix
Product: Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-11634
Vendor: Citrix
Product: Workspace Application and Receiver for Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.
Required Action:
Apply updates per vendor instructions.
CVE-2020-29557
Vendor: D-Link
Product: DIR-825 R1 Devices
Added: 2021-11-03
Due Date: 2022-05-03
Description:
D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs: