Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-24 CVE-2021-1441 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time.
local
low complexity
cisco CWE-78
6.7
2021-03-24 CVE-2021-1436 Path Traversal vulnerability in Cisco IOS XE
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system.
local
low complexity
cisco CWE-22
4.4
2021-03-24 CVE-2021-1434 Files or Directories Accessible to External Parties vulnerability in Cisco IOS XE
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system.
local
low complexity
cisco CWE-552
6.0
2021-03-24 CVE-2021-1398 Leftover Debug Code vulnerability in Cisco IOS XE
A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device.
low complexity
cisco CWE-489
6.8
2021-03-24 CVE-2021-1394 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device.
network
low complexity
cisco
5.3
2021-03-24 CVE-2021-1391 Leftover Debug Code vulnerability in Cisco IOS and IOS XE
A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege.
local
low complexity
cisco CWE-489
6.7
2021-03-24 CVE-2021-1390 Write-what-where Condition vulnerability in Cisco IOS XE
A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device.
local
low complexity
cisco CWE-123
6.7
2021-03-24 CVE-2021-1385 Path Traversal vulnerability in Cisco IOS and IOS XE
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system.
network
low complexity
cisco CWE-22
6.5
2021-03-24 CVE-2021-1383 Argument Injection or Modification vulnerability in Cisco IOS XE
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges.
local
low complexity
cisco CWE-88
6.7
2021-03-24 CVE-2021-1382 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system.
local
low complexity
cisco CWE-78
6.7