Vulnerabilities > Cisco > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-08-18 CVE-2021-34715 Improper Verification of Cryptographic Signature vulnerability in Cisco products
A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system.
network
low complexity
cisco CWE-347
critical
9.0
2021-08-04 CVE-2021-1610 Unspecified vulnerability in Cisco Small Business RV Series Router Firmware
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory.
network
low complexity
cisco
critical
9.0
2021-08-04 CVE-2021-1609 Unspecified vulnerability in Cisco Small Business RV Series Router Firmware
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory.
network
low complexity
cisco
critical
10.0
2021-08-04 CVE-2021-1602 OS Command Injection vulnerability in Cisco Small Business RV Series Router Firmware 1.0.0.30/1.0.0.33
A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.
network
low complexity
cisco CWE-78
critical
10.0
2021-07-22 CVE-2021-1518 Code Injection vulnerability in Cisco Firepower Device Manager On-Box
A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device.
network
low complexity
cisco CWE-94
critical
9.0
2021-07-08 CVE-2021-1585 Code Injection vulnerability in Cisco Adaptive Security Device Manager
A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system.
network
cisco CWE-94
critical
9.3
2021-07-08 CVE-2021-1574 Use of Hard-coded Credentials vulnerability in Cisco Business Process Automation
Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator.
network
low complexity
cisco CWE-798
critical
9.0
2021-07-08 CVE-2021-1359 Unspecified vulnerability in Cisco Asyncos and web Security Appliance
A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root.
network
low complexity
cisco
critical
9.0
2021-06-16 CVE-2021-1542 Improper Authentication vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.
network
cisco CWE-287
critical
9.3
2021-06-16 CVE-2021-1541 Improper Authentication vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.
network
low complexity
cisco CWE-287
critical
9.0