Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-02 | CVE-2021-34732 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2021-09-02 | CVE-2021-34733 | Insufficiently Protected Credentials vulnerability in Cisco products A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. | 5.5 |
| 2021-09-02 | CVE-2021-34759 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
| 2021-09-02 | CVE-2021-34765 | Files or Directories Accessible to External Parties vulnerability in Cisco Nexus Insights A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. | 4.3 |
| 2021-08-25 | CVE-2021-1582 | Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. | 5.4 |
| 2021-08-25 | CVE-2021-1583 | Unspecified vulnerability in Cisco Nx-Os 14.2(7F) A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. | 4.4 |
| 2021-08-25 | CVE-2021-1584 | OS Command Injection vulnerability in Cisco Nx-Os 14.2(7F) A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
| 2021-08-25 | CVE-2021-1590 | Unspecified vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. | 5.3 |
| 2021-08-25 | CVE-2021-1591 | Unspecified vulnerability in Cisco Nx-Os 9.3(4) A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are configured on an affected device. | 5.3 |
| 2021-08-25 | CVE-2021-1592 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Unified Computing System A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 4.3 |