Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-20 | CVE-2021-1261 | Command Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. | 7.8 |
| 2021-01-20 | CVE-2021-1260 | Command Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. | 7.8 |
| 2021-01-20 | CVE-2021-1259 | Path Traversal vulnerability in Cisco Sd-Wan Vmanage A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system. | 6.8 |
| 2021-01-20 | CVE-2021-1257 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. | 6.8 |
| 2021-01-20 | CVE-2021-1255 | Incomplete Blacklist vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. | 5.4 |
| 2021-01-20 | CVE-2021-1253 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. | 5.4 |
| 2021-01-20 | CVE-2021-1133 | Incomplete Blacklist vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. | 7.3 |
| 2021-01-20 | CVE-2021-1129 | Information Exposure Through Sent Data vulnerability in Cisco products A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device. | 5.3 |
| 2021-01-13 | CVE-2021-1360 | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
| 2021-01-13 | CVE-2021-1311 | Improper Restriction of Excessive Authentication Attempts vulnerability in Cisco Webex Meetings and Webex Meetings Server A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. | 5.4 |