Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-10-06 | CVE-2021-34706 | XXE vulnerability in Cisco Identity Services Engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. | 5.4 |
2021-10-06 | CVE-2021-34710 | OS Command Injection vulnerability in Cisco products | Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. | 8.8 |
2021-10-06 | CVE-2021-34711 | Path Traversal vulnerability in Cisco products | A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. | 5.5 |
2021-10-06 | CVE-2021-34735 | Unspecified vulnerability in Cisco products | Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. | 7.5 |
2021-10-06 | CVE-2021-34742 | Cross-site Scripting vulnerability in Cisco Vision Dynamic Signage Director | A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. | 6.1 |
2021-10-06 | CVE-2021-34744 | Use of Hard-coded Credentials vulnerability in Cisco products | Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. | 4.9 |
2021-10-06 | CVE-2021-34748 | OS Command Injection vulnerability in Cisco Intersight Virtual Appliance 1.0.9150/1.0.9230/1.0.9292 | A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. | 8.8 |
2021-10-06 | CVE-2021-34757 | Use of Hard-coded Credentials vulnerability in Cisco products | Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. | 5.5 |
2021-10-06 | CVE-2021-34758 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco RoomOS and TelePresence Collaboration Endpoint | A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. | 3.3 |
2021-10-06 | CVE-2021-34766 | Improper Privilege Management vulnerability in Cisco Smart Software Manager On-Prem | A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. | 8.8 |