Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2021-02-17 CVE-2021-1416 Incorrect Privilege Assignment vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information.
network
low complexity
cisco CWE-266
4.0
2021-02-17 CVE-2021-1412 Incorrect Privilege Assignment vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information.
network
low complexity
cisco CWE-266
4.0
2021-02-17 CVE-2021-1378 Resource Exhaustion vulnerability in Cisco Staros
A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
5.0
2021-02-17 CVE-2021-1372 Exposure of Sensitive Data Through Data Queries vulnerability in Cisco Webex Meetings and Webex Meetings Server
A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system.
local
low complexity
cisco CWE-202
2.1
2021-02-17 CVE-2021-1366 Improper Verification of Cryptographic Signature vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client.
local
cisco CWE-347
6.9
2021-02-17 CVE-2021-1351 Improper Neutralization of Script-Related Html Tags in A web Page (Basic XSS) vulnerability in Cisco Webex Meetings 41.1.0
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service.
network
cisco CWE-80
4.3
2021-02-04 CVE-2021-1389 Improper Access Control vulnerability in Cisco IOS XR
A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device.
network
low complexity
cisco CWE-284
6.4
2021-02-04 CVE-2021-1370 OS Command Injection vulnerability in Cisco IOS XR
A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root.
local
low complexity
cisco CWE-78
7.2
2021-02-04 CVE-2021-1354 Improper Certificate Validation vulnerability in Cisco Unified Computing System Central Software
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM).
low complexity
cisco CWE-295
2.7
2021-02-04 CVE-2021-1348 Stack-Based Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.
network
low complexity
cisco CWE-121
critical
9.0