Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2021-07-08 CVE-2021-1574 Use of Hard-coded Credentials vulnerability in Cisco Business Process Automation
Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator.
network
low complexity
cisco CWE-798
8.8
2021-07-08 CVE-2021-1576 Use of Hard-coded Credentials vulnerability in Cisco Business Process Automation
Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator.
network
low complexity
cisco CWE-798
8.8
2021-07-08 CVE-2021-1585 Code Injection vulnerability in Cisco Adaptive Security Device Manager
A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system.
network
high complexity
cisco CWE-94
8.1
2021-06-29 CVE-2021-1134 Improper Certificate Validation vulnerability in Cisco DNA Center
A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.
network
high complexity
cisco CWE-295
7.4
2021-06-16 CVE-2021-1541 Unspecified vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.
network
low complexity
cisco
7.2
2021-06-16 CVE-2021-1542 Improper Authentication vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.
network
high complexity
cisco CWE-287
8.1
2021-06-16 CVE-2021-1566 Improper Certificate Validation vulnerability in Cisco Asyncos and Email Security Appliance
A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers.
network
high complexity
cisco CWE-295
7.4
2021-06-04 CVE-2021-1502 Unspecified vulnerability in Cisco products
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system.
local
low complexity
cisco
7.8
2021-06-04 CVE-2021-1503 Out-of-bounds Write vulnerability in Cisco Webex Meetings Server and Webex Player
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system.
local
low complexity
cisco CWE-787
7.8
2021-06-04 CVE-2021-1526 Out-of-bounds Write vulnerability in Cisco Webex Player 3.0/4.0
A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system.
local
low complexity
cisco CWE-787
7.8