Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-22 | CVE-2021-33478 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. | 6.8 |
| 2021-07-22 | CVE-2021-1599 | Cross-site Scripting vulnerability in Cisco Unified Customer Voice Portal A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. | 5.4 |
| 2021-07-22 | CVE-2021-1614 | Unspecified vulnerability in Cisco Sd-Wan A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. | 5.3 |
| 2021-07-22 | CVE-2021-1617 | Path Traversal vulnerability in Cisco Intersight Virtual Appliance 1.0.9148/1.0.9150/1.0.9230 Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. | 6.5 |
| 2021-07-22 | CVE-2021-34700 | Insufficiently Protected Credentials vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. | 5.5 |
| 2021-07-08 | CVE-2021-1562 | Improper Input Validation vulnerability in Cisco Broadworks Application Server A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. | 4.3 |
| 2021-07-08 | CVE-2021-1575 | Cross-site Scripting vulnerability in Cisco Virtualized Voice Browser 11.6/11.6(1)/12.5(1) A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2021-07-08 | CVE-2021-1595 | Memory Leak vulnerability in Cisco products Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. | 6.5 |
| 2021-07-08 | CVE-2021-1596 | Memory Leak vulnerability in Cisco products Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. | 6.5 |
| 2021-07-08 | CVE-2021-1597 | Memory Leak vulnerability in Cisco products Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. | 6.5 |