Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2021-07-22 CVE-2021-33478 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products
The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device.
local
low complexity
cisco CWE-119
4.6
2021-07-22 CVE-2021-1518 Code Injection vulnerability in Cisco Firepower Device Manager On-Box
A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device.
network
low complexity
cisco CWE-94
critical
9.0
2021-07-22 CVE-2021-1599 Cross-Site Scripting vulnerability in Cisco Unified Customer Voice Portal
A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user.
network
cisco CWE-79
3.5
2021-07-22 CVE-2021-1600 Improper Authentication vulnerability in Cisco Intersight Virtual Appliance 1.0(1)
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface.
low complexity
cisco CWE-287
5.8
2021-07-22 CVE-2021-1601 Improper Authentication vulnerability in Cisco Intersight Virtual Appliance 1.0(1)
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface.
low complexity
cisco CWE-287
5.8
2021-07-22 CVE-2021-1614 Unspecified vulnerability in Cisco Sd-Wan
A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory.
network
low complexity
cisco
5.0
2021-07-22 CVE-2021-1617 Improper Input Validation vulnerability in Cisco Intersight Virtual Appliance
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system.
network
low complexity
cisco CWE-20
5.5
2021-07-22 CVE-2021-1618 Improper Input Validation vulnerability in Cisco Intersight Virtual Appliance
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system.
network
low complexity
cisco CWE-20
critical
9.0
2021-07-22 CVE-2021-34700 Insufficiently Protected Credentials vulnerability in Cisco Sd-Wan Vmanage
A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system.
local
low complexity
cisco CWE-522
4.9
2021-07-08 CVE-2021-1359 Injection vulnerability in Cisco Asyncos and web Security Appliance
A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root.
network
low complexity
cisco CWE-74
critical
9.0