Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-11 | CVE-2020-26140 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. | 6.5 |
| 2021-05-11 | CVE-2020-26141 | Improper Validation of Integrity Check Value vulnerability in multiple products An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. | 6.5 |
| 2021-05-06 | CVE-2021-1397 | Open Redirect vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 6.1 |
| 2021-05-06 | CVE-2021-1438 | Exposure of Resource to Wrong Sphere vulnerability in Cisco Wide Area Application Services A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. | 5.5 |
| 2021-05-06 | CVE-2021-1447 | Improper Privilege Management vulnerability in Cisco Content Security Management Appliance A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. | 6.7 |
| 2021-05-06 | CVE-2021-1478 | Unspecified vulnerability in Cisco Unified Communications Manager A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. | 6.5 |
| 2021-05-06 | CVE-2021-1486 | Information Exposure Through Discrepancy vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. | 5.3 |
| 2021-05-06 | CVE-2021-1490 | Cross-site Scripting vulnerability in Cisco web Security Appliance A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. | 6.1 |
| 2021-05-06 | CVE-2021-1499 | Missing Authentication for Critical Function vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. | 5.3 |
| 2021-05-06 | CVE-2021-1507 | Cross-site Scripting vulnerability in Cisco Sd-Wan Vmanage A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application web-based interface. | 5.4 |