Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-06 | CVE-2021-34698 | Memory Leak vulnerability in Cisco Asyncos A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2021-10-06 | CVE-2021-34702 | Unspecified vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. | 4.3 |
| 2021-10-06 | CVE-2021-34706 | XXE vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. | 5.4 |
| 2021-10-06 | CVE-2021-34710 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. | 8.8 |
| 2021-10-06 | CVE-2021-34711 | Path Traversal vulnerability in Cisco products A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. | 5.5 |
| 2021-10-06 | CVE-2021-34735 | Unspecified vulnerability in Cisco products Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2021-10-06 | CVE-2021-34742 | Cross-site Scripting vulnerability in Cisco Vision Dynamic Signage Director A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. | 6.1 |
| 2021-10-06 | CVE-2021-34744 | Use of Hard-coded Credentials vulnerability in Cisco products Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. | 4.9 |
| 2021-10-06 | CVE-2021-34748 | OS Command Injection vulnerability in Cisco Intersight Virtual Appliance 1.0.9150/1.0.9230/1.0.9292 A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. | 8.8 |
| 2021-10-06 | CVE-2021-34757 | Use of Hard-coded Credentials vulnerability in Cisco products Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. | 5.5 |