Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-18 CVE-2021-1561 Improper Authentication vulnerability in Cisco Secure Email and Web Manager
A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user.
network
low complexity
cisco CWE-287
5.4
2021-08-18 CVE-2021-34734 Double Free vulnerability in Cisco Video Surveillance 7000 IP Camera Firmware 2.12.4
A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for the Cisco Video Surveillance 7000 Series IP Cameras firmware could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
low complexity
cisco CWE-415
6.5
2021-08-04 CVE-2021-1522 Weak Password Requirements vulnerability in Cisco Connected Mobile Experiences
A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device.
network
low complexity
cisco CWE-521
4.3
2021-08-04 CVE-2021-34707 Information Exposure vulnerability in Cisco Evolved Programmable Network Manager
A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system.
network
low complexity
cisco CWE-200
6.5
2021-07-22 CVE-2021-33478 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device.
low complexity
cisco CWE-119
6.8
2021-07-22 CVE-2021-1599 Cross-site Scripting vulnerability in Cisco Unified Customer Voice Portal
A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user.
network
low complexity
cisco CWE-79
5.4
2021-07-22 CVE-2021-1614 Unspecified vulnerability in Cisco SD-WAN
A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory.
network
low complexity
cisco
5.3
2021-07-22 CVE-2021-1617 Path Traversal vulnerability in Cisco Intersight Virtual Appliance 1.0.9148/1.0.9150/1.0.9230
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system.
network
low complexity
cisco CWE-22
6.5
2021-07-22 CVE-2021-34700 Insufficiently Protected Credentials vulnerability in Cisco Catalyst SD-WAN Manager and SD-WAN vManage
A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system.
local
low complexity
cisco CWE-522
5.5
2021-07-08 CVE-2021-1562 Improper Input Validation vulnerability in Cisco BroadWorks Application Server
A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system.
network
low complexity
cisco CWE-20
4.3