Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-06 | CVE-2021-34782 | Unspecified vulnerability in Cisco DNA Center A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. | 4.3 |
| 2021-09-23 | CVE-2021-1546 | Information Exposure Through an Error Message vulnerability in Cisco products A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. | 5.5 |
| 2021-09-23 | CVE-2021-1589 | Insufficiently Protected Credentials vulnerability in Cisco Sd-Wan A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. | 6.5 |
| 2021-09-23 | CVE-2021-1616 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. | 4.7 |
| 2021-09-23 | CVE-2021-1625 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying traffic. | 5.8 |
| 2021-09-23 | CVE-2021-34696 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. | 5.8 |
| 2021-09-23 | CVE-2021-34703 | Improper Initialization vulnerability in Cisco IOS A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. | 6.5 |
| 2021-09-23 | CVE-2021-34705 | Unspecified vulnerability in Cisco IOS and IOS XE A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. | 5.3 |
| 2021-09-23 | CVE-2021-34712 | Unspecified vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. | 6.5 |
| 2021-09-23 | CVE-2021-34723 | Exposure of Resource to Wrong Sphere vulnerability in Cisco IOS XE 17.3.1A A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. | 6.7 |