Vulnerabilities > Cisco > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-10-06 | CVE-2021-1594 | Command Injection vulnerability in Cisco Identity Services Engine | A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. | network, cisco, CWE-77, critical, 9.3 |
| 2021-09-23 | CVE-2021-34770 | Out-of-bounds Write vulnerability in Cisco IOS XE | A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. | network, low complexity, cisco, CWE-787, critical, 9.0 |
| 2021-09-23 | CVE-2021-34727 | Classic Buffer Overflow vulnerability in Cisco IOS XE SD-WAN | A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. | network, low complexity, cisco, CWE-120, critical, 10.0 |
| 2021-09-02 | CVE-2021-34746 | Improper Authentication vulnerability in Cisco Enterprise NFV Infrastructure Software | A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. | network, cisco, CWE-287, critical, 9.3 |
| 2021-08-25 | CVE-2021-1580 | Command Injection vulnerability in Cisco Application Policy Infrastructure Controller | Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. | network, low complexity, cisco, CWE-77, critical, 9.0 |
| 2021-08-25 | CVE-2021-1579 | Improper Privilege Management vulnerability in Cisco products | A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. | network, low complexity, cisco, CWE-269, critical, 9.0 |
| 2021-08-25 | CVE-2021-1578 | Improper Handling of Exceptional Conditions vulnerability in Cisco products | A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device. | network, low complexity, cisco, CWE-755, critical, 9.0 |
| 2021-08-25 | CVE-2021-1577 | Unspecified vulnerability in Cisco Application Policy Infrastructure Controller | A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. | network, low complexity, cisco, critical, 9.1 |
| 2021-08-18 | CVE-2021-34730 | Out-of-bounds Write vulnerability in Cisco products | A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. | network, low complexity, cisco, CWE-787, critical, 9.8 |
| 2021-08-18 | CVE-2021-34716 | Improper Handling of Exceptional Conditions vulnerability in Cisco products | A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. | network, low complexity, cisco, CWE-755, critical, 9.0 |