Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-24 | CVE-2021-1432 | Injection vulnerability in Cisco IOS XE and IOS XE Sd-Wan A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. | 7.3 |
| 2021-03-24 | CVE-2021-1431 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting a denial of service (DoS) condition. | 7.5 |
| 2021-03-24 | CVE-2021-1403 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. | 7.4 |
| 2021-03-24 | CVE-2021-1398 | Leftover Debug Code vulnerability in Cisco IOS XE A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. | 6.8 |
| 2021-03-24 | CVE-2021-1394 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device. | 5.3 |
| 2021-03-24 | CVE-2021-1392 | Insufficiently Protected Credentials vulnerability in Cisco IOS and IOS XE A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. | 7.8 |
| 2021-03-24 | CVE-2021-1391 | Leftover Debug Code vulnerability in Cisco IOS and IOS XE A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. | 6.7 |
| 2021-03-24 | CVE-2021-1390 | Write-what-where Condition vulnerability in Cisco IOS XE A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. | 6.7 |
| 2021-03-24 | CVE-2021-1385 | Path Traversal vulnerability in Cisco IOS and IOS XE A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. | 6.5 |
| 2021-03-24 | CVE-2021-1384 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. | 7.2 |