Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-20 | CVE-2021-1241 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. | 7.5 |
| 2021-01-20 | CVE-2021-1222 | SQL Injection vulnerability in Cisco Smart Software Manager On-Prem 5.0/5.1.0 A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 8.1 |
| 2021-01-20 | CVE-2021-1219 | Use of Hard-coded Credentials vulnerability in Cisco Smart Software Manager On-Prem 5.0/5.1.0 A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. | 7.8 |
| 2021-01-20 | CVE-2021-1141 | OS Command Injection vulnerability in Cisco Smart Software Manager Satellite 5.1.0 Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. | 8.8 |
| 2021-01-20 | CVE-2021-1139 | OS Command Injection vulnerability in Cisco Smart Software Manager Satellite 5.1.0 Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. | 8.8 |
| 2021-01-20 | CVE-2021-1353 | Memory Leak vulnerability in Cisco Staros A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
| 2021-01-20 | CVE-2021-1312 | Resource Exhaustion vulnerability in Cisco Elastic Services Controller A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor API on an affected device. | 7.5 |
| 2021-01-20 | CVE-2021-1303 | Incorrect Privilege Assignment vulnerability in Cisco DNA Center A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. | 8.8 |
| 2021-01-20 | CVE-2021-1302 | Unspecified vulnerability in Cisco Catalyst Sd-Wan Manager Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. | 8.8 |
| 2021-01-20 | CVE-2021-1299 | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. | 8.8 |