Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-27 | CVE-2021-40116 | Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. | 7.5 |
| 2021-10-27 | CVE-2021-40117 | Resource Exhaustion vulnerability in Cisco products A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2021-10-27 | CVE-2021-40118 | Out-of-bounds Write vulnerability in Cisco products A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. | 7.5 |
| 2021-10-21 | CVE-2021-1529 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. | 7.8 |
| 2021-10-21 | CVE-2021-34736 | Improper Input Validation vulnerability in Cisco Unified Computing System A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. | 7.5 |
| 2021-10-21 | CVE-2021-34743 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. | 7.1 |
| 2021-10-21 | CVE-2021-40122 | Improper Resource Shutdown or Release vulnerability in Cisco Meeting Server A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.5 |
| 2021-10-06 | CVE-2021-1594 | OS Command Injection vulnerability in Cisco Identity Services Engine A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. | 8.1 |
| 2021-10-06 | CVE-2021-34698 | Memory Leak vulnerability in Cisco Asyncos A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2021-10-06 | CVE-2021-34710 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. | 8.8 |