Vulnerabilities > Cisco

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2022-01-14 | CVE-2022-20658 | Incorrect Resource Transfer Between Spheres vulnerability in Cisco products | A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. | network, low complexity, cisco, CWE-669 | 8.5 |
| 2022-01-11 | CVE-2021-1573 | HTTP Request Smuggling vulnerability in Cisco Firepower Threat Defense | A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. | network, cisco, CWE-444 | 7.1 |
| 2022-01-11 | CVE-2021-34704 | HTTP Request Smuggling vulnerability in Cisco Firepower Threat Defense | A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. | network, cisco, CWE-444 | 7.1 |
| 2021-12-10 | CVE-2021-44228 | Deserialization of Untrusted Data vulnerability in multiple products | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. | | 9.3 |
| 2021-11-19 | CVE-2021-40129 | SQL Injection vulnerability in Cisco Common Services Platform Collector | A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. | network, low complexity, cisco, CWE-89 | 4.0 |
| 2021-11-19 | CVE-2021-40130 | Improper Authentication vulnerability in Cisco Common Services Platform Collector | A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. | network, low complexity, cisco, CWE-287 | 4.0 |
| 2021-11-19 | CVE-2021-40131 | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector | A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | network, cisco, CWE-79 | 3.5 |
| 2021-11-04 | CVE-2021-1500 | Open Redirect vulnerability in Cisco Collaboration Meeting Rooms and Webex Video Mesh | A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | network, cisco, CWE-601 | 5.8 |
| 2021-11-04 | CVE-2021-34701 | Path Traversal vulnerability in Cisco Unified Communications Manager | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. | network, low complexity, cisco, CWE-22 | 4.0 |
| 2021-11-04 | CVE-2021-34731 | Cross-site Scripting vulnerability in Cisco Prime Access Registrar | A vulnerability in the web-based management interface of Cisco Prime Access Registrar could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. | network, cisco, CWE-79 | 3.5 |