Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-29 | CVE-2021-1495 | Improper Handling of Exceptional Conditions vulnerability in multiple products Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. | 5.3 |
| 2021-04-29 | CVE-2021-1489 | Resource Exhaustion vulnerability in Cisco Firepower Device Manager A vulnerability in filesystem usage management for Cisco Firepower Device Manager (FDM) Software could allow an authenticated, remote attacker to exhaust filesystem resources, resulting in a denial of service (DoS) condition on an affected device. | 6.5 |
| 2021-04-29 | CVE-2021-1477 | Unspecified vulnerability in Cisco Firepower Management Center A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. | 4.3 |
| 2021-04-29 | CVE-2021-1455 | Cross-site Scripting vulnerability in Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
| 2021-04-29 | CVE-2021-1476 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. | 6.7 |
| 2021-04-29 | CVE-2021-1458 | Cross-site Scripting vulnerability in Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
| 2021-04-29 | CVE-2021-1457 | Cross-site Scripting vulnerability in Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
| 2021-04-29 | CVE-2021-1456 | Cross-site Scripting vulnerability in Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
| 2021-04-29 | CVE-2021-1369 | XXE vulnerability in Cisco Firepower Device Manager A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. | 5.4 |
| 2021-04-29 | CVE-2021-1256 | Files or Directories Accessible to External Parties vulnerability in Cisco Firepower Threat Defense A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. | 6.0 |