Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-27 | CVE-2021-34761 | Exposure of Resource to Wrong Sphere vulnerability in Cisco products A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. | 6.0 |
| 2021-10-27 | CVE-2021-34763 | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. | 4.8 |
| 2021-10-27 | CVE-2021-34764 | Open Redirect vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. | 6.1 |
| 2021-10-27 | CVE-2021-34787 | Improper Handling of Exceptional Conditions vulnerability in Cisco products A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. | 5.3 |
| 2021-10-27 | CVE-2021-34790 | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. | 5.3 |
| 2021-10-27 | CVE-2021-34791 | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. | 5.3 |
| 2021-10-27 | CVE-2021-34794 | Unspecified vulnerability in Cisco products A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. | 5.3 |
| 2021-10-27 | CVE-2021-40125 | Resource Exhaustion vulnerability in Cisco products A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. | 6.5 |
| 2021-10-21 | CVE-2021-34738 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2021-10-21 | CVE-2021-34760 | Cross-site Scripting vulnerability in Cisco Telepresence Management Suite A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |