Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-13 | CVE-2021-1146 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
| 2021-01-13 | CVE-2021-1145 | Link Following vulnerability in Cisco Staros A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. | 6.5 |
| 2021-01-13 | CVE-2021-1144 | Incorrect Authorization vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. | 8.8 |
| 2021-01-13 | CVE-2021-1143 | Missing Authorization vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. | 4.3 |
| 2021-01-13 | CVE-2021-1131 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. | 4.3 |
| 2021-01-13 | CVE-2021-1130 | Cross-site Scripting vulnerability in Cisco DNA Center A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. | 4.8 |
| 2021-01-13 | CVE-2021-1127 | Cross-site Scripting vulnerability in Cisco Enterprise NFV Infrastructure Software A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 5.4 |
| 2021-01-13 | CVE-2021-1126 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Secure Firewall Management Center A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. | 5.5 |
| 2021-01-13 | CVE-2021-1189 | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
| 2021-01-07 | CVE-2020-26085 | OS Command Injection vulnerability in Cisco Jabber Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. | 9.9 |