Vulnerabilities > Cisco > High

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-01-13 | CVE-2021-1147 | OS Command Injection vulnerability in Cisco products | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | network | low | cisco | CWE-78 | 7.2 |
| 2021-01-13 | CVE-2021-1146 | OS Command Injection vulnerability in Cisco products | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | network | low | cisco | CWE-78 | 7.2 |
| 2021-01-13 | CVE-2021-1144 | Incorrect Authorization vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 | A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. | network | low | cisco | CWE-863 | 8.8 |
| 2021-01-13 | CVE-2021-1189 | Out-of-bounds Write vulnerability in Cisco products | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | network | low | cisco | CWE-787 | 7.2 |
| 2020-11-18 | CVE-2020-3392 | Missing Authentication for Critical Function vulnerability in Cisco IoT Field Network Director | A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. | network | low | cisco | CWE-306 | 7.5 |
| 2020-11-18 | CVE-2020-3367 | OS Command Injection vulnerability in Cisco AsyncOS | A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. | local | low | cisco | CWE-78 | 7.8 |
| 2020-11-18 | CVE-2020-26076 | Information Exposure vulnerability in Cisco IoT Field Network Director | A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. | network | low | cisco | CWE-200 | 7.5 |
| 2020-11-18 | CVE-2020-26075 | SQL Injection vulnerability in Cisco IoT Field Network Director | A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. | network | low | cisco | CWE-89 | 8.8 |
| 2020-11-18 | CVE-2020-26072 | Improper Privilege Management vulnerability in Cisco IoT Field Network Director | A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. | network | low | cisco | CWE-269 | 8.7 |
| 2020-11-12 | CVE-2020-26070 | Improper Resource Shutdown or Release vulnerability in Cisco IOS XR | A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | network | low | cisco | CWE-404 | 8.6 |