Skip to main content

Product Directory Enterprise Compliance Pulse AI Analyst Compare Docs

Login Start Free

Loading...

Cloud security intelligence for modern infrastructure.

Stay informed

📬 Product updates & blog posts🛡️ CVE & vendor advisory alerts

Frequency:

Sent from noreply@echelongraph.io · Unsubscribe anytime

Product

Overview
Enterprise
Agents
AI Analyst
Pricing
Compare
vs. Competitors

Resources

CVE Pulse
Vendor Health
Compliance Directory
Newsletter
Documentation
Readiness Calculator
Blog

Security Tools

Surface Scanner
AI Security Index
AI Threat Map
Shadow AI Radar
KEV-Exposure Radar
Exposed Data-Stores
Leaked Credentials
Shadow Engine Map

Company

Design Partners
Changelog
Contact
Responsible Disclosure
Verify a Scan

Legal

Privacy
Terms
Security
DPA

© 2026 EchelonGraph, Inc. All rights reserved.

SOC 2 Type IIISO 27001GDPRHIPAA Ready

Home›CVE Pulse›CWE-20

CWE-20— Improper Input Validation

11,530 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-20page 130 of 231

CVE-2020-3228HIGHCVSS 8.6EG 8.6
2020-06-03
A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a den…
CVE-2020-3230HIGHCVSS 7.5EG 7.5
2020-06-03
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The…
CVE-2020-3235HIGHCVSS 7.7EG 7.7
2020-06-03
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) co…
CVE-2020-3238HIGHCVSS 8.1EG 8.1
2020-06-03
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected …
CVE-2020-3239HIGHCVSS 8.8EG 8.8
2020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
CVE-2020-3240HIGHCVSS 7.3EG 7.3
2020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
CVE-2020-3243CRITICALCVSS 9.8EG 9.8
2020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
CVE-2020-3244MEDIUMCVSS 5.3EG 5.3
2020-06-18
A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. Th…
CVE-2020-3247CRITICALCVSS 9.8EG 9.8
2020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
CVE-2020-3248CRITICALCVSS 9.8EG 9.8
2020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
CVE-2020-3249HIGHCVSS 7.5EG 7.5
2020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
CVE-2020-3250CRITICALCVSS 9.8EG 9.8
2020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
CVE-2020-3251HIGHCVSS 8.8EG 8.8
2020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
CVE-2020-3252MEDIUMCVSS 6.5EG 6.5
2020-04-15
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more informat…
CVE-2020-3257HIGHCVSS 8.1EG 8.1
2020-06-03
Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software coul…
CVE-2020-3262HIGHCVSS 7.5EG 7.5
2020-04-15
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) conditio…
CVE-2020-3263HIGHCVSS 7.5EG 7.5
2020-06-18
A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to applicatio…
CVE-2020-3272HIGHCVSS 7.5EG 7.5
2020-05-22
A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validati…
CVE-2020-3280CRITICALCVSS 9.8EG 9.8
2020-05-22
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to inse…
CVE-2020-3302HIGHCVSS 8.1EG 8.1
2020-05-06
A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to overwrite files on the file system of an affected device. The vulnerability is due to insufficient input val…
CVE-2020-3304HIGHCVSS 8.6EG 8.6
2020-10-21
A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, result…
CVE-2020-3307MEDIUMCVSS 5.3EG 5.3
2020-05-06
A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient in…
CVE-2020-3309HIGHCVSS 7.2EG 7.2
2020-05-06
A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improp…
CVE-2020-3314MEDIUMCVSS 6.1EG 6.1
2020-05-22
A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condi…
CVE-2020-3317HIGHCVSS 7.5EG 7.5
2020-10-21
A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation in the ssl…
CVE-2020-3319LOWCVSS 3.3EG 3.3
2020-06-03
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affecte…
CVE-2020-3321LOWCVSS 3.3EG 3.3
2020-06-03
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affecte…
CVE-2020-3322LOWCVSS 3.3EG 3.3
2020-06-03
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affecte…
CVE-2020-3323CRITICALCVSS 9.8EG 9.8
2020-07-16
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is d…
CVE-2020-3327HIGHCVSS 7.5EG 7.5
2020-05-13
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due t…
CVE-2020-3341HIGHCVSS 7.5EG 7.5
2020-05-13
A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability …
CVE-2020-3345MEDIUMCVSS 4.3EG 4.3
2020-07-16
A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on p…
CVE-2020-3357CRITICALCVSS 9.8EG 9.8
2020-07-16
A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected de…
CVE-2020-3358HIGHCVSS 8.6EG 8.6
2020-07-16
A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition.…
CVE-2020-3359HIGHCVSS 8.6EG 8.6
2020-09-24
A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilit…
CVE-2020-3363HIGHCVSS 8.6EG 8.6
2020-08-17
A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability i…
CVE-2020-3368MEDIUMCVSS 5.8EG 5.8
2020-06-18
A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulner…
CVE-2020-3370MEDIUMCVSS 5.8EG 5.8
2020-07-16
A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. The vulnerability is due to insufficient input validation.…
CVE-2020-3375CRITICALCVSS 9.8EG 9.8
2020-07-31
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this v…
CVE-2020-3379HIGHCVSS 7.8EG 7.8
2020-07-16
A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacke…
CVE-2020-3383HIGHCVSS 8.8EG 8.8
2020-07-31
A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper inp…
CVE-2020-3387HIGHCVSS 8.8EG 8.8
2020-07-16
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authenticati…
CVE-2020-3390HIGHCVSS 7.4EG 7.4
2020-09-24
A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to caus…
CVE-2020-3393MEDIUMCVSS 6.0EG 7.8
2020-09-24
A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the applicat…
CVE-2020-3397HIGHCVSS 8.6EG 8.6
2020-08-27
A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of s…
CVE-2020-3398HIGHCVSS 8.6EG 8.6
2020-08-27
A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of servic…
CVE-2020-3409HIGHCVSS 7.4EG 7.4
2020-09-24
A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on …
CVE-2020-3425HIGHCVSS 8.8EG 8.8
2020-09-24
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. Fo…
CVE-2020-3426HIGHCVSS 7.5EG 7.5
2020-09-24
A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) c…
CVE-2020-3428MEDIUMCVSS 6.5EG 6.5
2020-09-24
A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affect…

← PreviousPage 130 of 231Next →

Map vulnerabilities like CWE-20 to your infrastructure

EchelonGraph correlates every CVE — across CWE-20 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →