Filtered by vendor Cisco Subscriptions
Filtered by product Secure Network Analytics Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-20103 1 Cisco 1 Secure Network Analytics 2023-11-07 7.2 High
A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. This vulnerability is due to insufficient validation of user input to the web interface. An attacker could exploit this vulnerability by uploading a crafted file to an affected device. A successful exploit could allow the attacker to execute code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.
CVE-2023-20102 1 Cisco 3 Secure Network Analytics, Stealthwatch Management Console 2200, Stealthwatch Management Console 2200 Firmware 2023-11-07 8.8 High
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to insufficient sanitization of user-provided data that is parsed into system memory. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the administrator user.
CVE-2022-20797 1 Cisco 1 Secure Network Analytics 2023-11-07 9.1 Critical
A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly.
CVE-2022-20741 1 Cisco 1 Secure Network Analytics 2023-11-07 5.4 Medium
A vulnerability in the web-based management interface of the Network Diagrams application for Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.