Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2022-02-10 CVE-2022-20707 Out-of-bounds Write vulnerability in Cisco products
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
network
low complexity
cisco CWE-787
7.3
2022-02-10 CVE-2022-20708 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
low complexity
cisco CWE-78
8.0
2022-02-10 CVE-2022-20709 Out-of-bounds Write vulnerability in Cisco products
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
network
low complexity
cisco CWE-787
7.5
2022-01-11 CVE-2021-1573 Out-of-bounds Write vulnerability in Cisco Firepower Threat Defense
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.
network
low complexity
cisco CWE-787
7.5
2022-01-11 CVE-2021-34704 Out-of-bounds Write vulnerability in Cisco products
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.
network
low complexity
cisco CWE-787
7.5
2021-11-04 CVE-2021-34739 Insufficient Session Expiration vulnerability in Cisco products
A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device.
network
high complexity
cisco CWE-613
8.1
2021-11-04 CVE-2021-34741 Allocation of Resources Without Limits or Throttling vulnerability in Cisco Asyncos
A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device.
network
low complexity
cisco CWE-770
7.5
2021-11-04 CVE-2021-40112 Unspecified vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.
network
low complexity
cisco
7.5
2021-11-04 CVE-2021-40120 OS Command Injection vulnerability in Cisco Application Extension Platform and IOS XR
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges.
network
low complexity
cisco CWE-78
7.2
2021-11-04 CVE-2021-40124 Improper Privilege Management vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device.
local
low complexity
cisco CWE-269
7.8