Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2021-10-06 CVE-2021-1534 Unspecified vulnerability in Cisco Asyncos
A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device.
network
low complexity
cisco
5.0
2021-10-06 CVE-2021-1594 Command Injection vulnerability in Cisco Identity Services Engine
A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root.
network
cisco CWE-77
critical
9.3
2021-10-06 CVE-2021-34698 Memory Leak vulnerability in Cisco Asyncos
A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-401
7.8
2021-10-06 CVE-2021-34702 Information Exposure vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information.
network
low complexity
cisco CWE-200
4.0
2021-10-06 CVE-2021-34706 XXE vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device.
network
low complexity
cisco CWE-611
5.5
2021-10-06 CVE-2021-34710 Command Injection vulnerability in Cisco products
Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-77
critical
9.0
2021-10-06 CVE-2021-34711 Path Traversal vulnerability in Cisco products
A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system.
local
low complexity
cisco CWE-22
2.1
2021-10-06 CVE-2021-34735 Command Injection vulnerability in Cisco products
Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-77
7.8
2021-10-06 CVE-2021-34742 Cross-site Scripting vulnerability in Cisco Vision Dynamic Signage Director
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device.
network
cisco CWE-79
4.3
2021-10-06 CVE-2021-34744 Information Exposure vulnerability in Cisco products
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account.
network
low complexity
cisco CWE-200
4.0