Cisco Cyber Vision vulnerabilities

CVE-2026-20053 [MEDIUM] CWE-122 CVE-2026-20053: Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending cra

CVE-2026-20054 [MEDIUM] CWE-835 CVE-2026-20054: Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper error checking when decompressing VBA data. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort

CVE-2026-20005 [MEDIUM] CWE-392 CVE-2026-20005: Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could a Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete parsing of the SSL handshake ingress packets. An attacker could explo

CVE-2026-20067 [MEDIUM] CWE-787 CVE-2026-20067: Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could a Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete error checking when parsing the Multicast DNS fields of the HTTP hea

CVE-2026-20068 [MEDIUM] CWE-248 CVE-2026-20068: Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could a Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete error checking when parsing remote procedure call (RPC) data. An att

CVE-2026-20057 [MEDIUM] CWE-369 CVE-2026-20057: Multiple Cisco products are affected by a vulnerability in the Snort 3 Visual Basic for Applications Multiple Cisco products are affected by a vulnerability in the Snort 3 Visual Basic for Applications (VBA) feature which could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to lack of proper error checking when decompressing VBA data. An attacker could exploit this vulnerability

CVE-2025-20359 [MEDIUM] CWE-127 CVE-2025-20359: Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in the logic of buffer handling when the MIME fields of the HTTP header are

CVE-2025-20360 [MEDIUM] CWE-805 CVE-2025-20360: Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are parsed. An attacker could exploit this vulnerability by

CVE-2025-20356 [MEDIUM] CWE-79 CVE-2025-20356: A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an au A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An att

CVE-2025-20357 [MEDIUM] CWE-79 CVE-2025-20357: A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an au A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An att

CVE-2022-20685 [HIGH] CWE-190 CVE-2022-20685: A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthentica A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic thr

CVE-2023-20071 [MEDIUM] CWE-1039 CVE-2023-20071: Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could all Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP t

CVE-2022-20943 [MEDIUM] CWE-244 CVE-2022-20943: Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detecti Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system r

CVE-2022-20922 [MEDIUM] CWE-244 CVE-2022-20922: Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detecti Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system r

CVE-2020-3448 [MEDIUM] CWE-284 CVE-2020-3448: A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device. The vulnerability is due to insufficient enforcement of access control in the software. An attacker could exploit this vulnerab