Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-18 | CVE-2021-34749 | Information Exposure vulnerability in Cisco products A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. | 8.6 |
| 2021-08-04 | CVE-2021-1572 | Improper Privilege Management vulnerability in Cisco Confd and Network Services Orchestrator A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. | 7.8 |
| 2021-08-04 | CVE-2021-1593 | Uncontrolled Search Path Element vulnerability in Cisco Packet Tracer A vulnerability in Cisco Packet Tracer for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. | 7.3 |
| 2021-08-04 | CVE-2021-1610 | Unspecified vulnerability in Cisco Small Business RV Series Router Firmware Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 |
| 2021-07-22 | CVE-2021-1518 | Code Injection vulnerability in Cisco Firepower Device Manager On-Box A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. | 8.8 |
| 2021-07-22 | CVE-2021-1600 | Unspecified vulnerability in Cisco Intersight Virtual Appliance 1.0(1) Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. low complexity cisco | 8.3 |
| 2021-07-22 | CVE-2021-1601 | Unspecified vulnerability in Cisco Intersight Virtual Appliance 1.0(1) Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. low complexity cisco | 8.3 |
| 2021-07-22 | CVE-2021-1618 | OS Command Injection vulnerability in Cisco Intersight Virtual Appliance 1.0.9148/1.0.9150/1.0.9230 Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. | 7.2 |
| 2021-07-16 | CVE-2021-1422 | Reachable Assertion vulnerability in Cisco products A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. | 7.7 |
| 2021-07-08 | CVE-2021-1359 | Unspecified vulnerability in Cisco Asyncos and web Security Appliance A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. | 8.8 |