Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-09 | CVE-2021-34728 | OS Command Injection vulnerability in Cisco IOS XR Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. | 7.8 |
| 2021-09-09 | CVE-2021-34737 | NULL Pointer Dereference vulnerability in Cisco IOS XR A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. | 7.5 |
| 2021-09-09 | CVE-2021-34771 | Information Exposure vulnerability in Cisco IOS XR A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. | 5.5 |
| 2021-09-09 | CVE-2021-34785 | Improper Authentication vulnerability in Cisco Broadworks Commpilot Application Software Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. | 7.2 |
| 2021-09-09 | CVE-2021-34786 | Improper Authentication vulnerability in Cisco Broadworks Commpilot Application Software Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. | 4.9 |
| 2021-09-02 | CVE-2021-34732 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2021-09-02 | CVE-2021-34733 | Insufficiently Protected Credentials vulnerability in Cisco products A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. | 5.5 |
| 2021-09-02 | CVE-2021-34746 | Improper Authentication vulnerability in Cisco Enterprise NFV Infrastructure Software A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. | 9.8 |
| 2021-09-02 | CVE-2021-34759 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
| 2021-09-02 | CVE-2021-34765 | Files or Directories Accessible to External Parties vulnerability in Cisco Nexus Insights A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. | 4.3 |