Filtered by vendor Cisco
Subscribe
Total
6186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1543 | 1 Cisco | 18 Sf220-24, Sf220-24 Firmware, Sf220-24p and 15 more | 2024-11-21 | 4.3 MEDIUM | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1542 | 1 Cisco | 18 Sf220-24, Sf220-24 Firmware, Sf220-24p and 15 more | 2024-11-21 | 9.3 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1541 | 1 Cisco | 18 Sf220-24, Sf220-24 Firmware, Sf220-24p and 15 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1540 | 1 Cisco | 5 Asr 5000, Asr 5500, Asr 5700 and 2 more | 2024-11-21 | 6.0 MEDIUM | 8.1 HIGH |
| Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1539 | 1 Cisco | 5 Asr 5000, Asr 5500, Asr 5700 and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
| Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1538 | 1 Cisco | 1 Common Services Platform Collector | 2024-11-21 | 9.0 HIGH | 4.7 MEDIUM |
| A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root. | |||||
| CVE-2021-1537 | 1 Cisco | 1 Thousandeyes Recorder | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the application installer. An attacker could exploit this vulnerability by downloading the installer and extracting its contents. A successful exploit could allow the attacker to access sensitive information that is included in the application installer. | |||||
| CVE-2021-1536 | 1 Cisco | 5 Webex Meetings Desktop, Webex Meetings Online, Webex Meetings Server and 2 more | 2024-11-21 | 6.9 MEDIUM | 4.8 MEDIUM |
| A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account. | |||||
| CVE-2021-1535 | 1 Cisco | 1 Sd-wan Vmanage | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to allow the attacker to view sensitive information on the affected system. | |||||
| CVE-2021-1534 | 1 Cisco | 8 Asyncos, Email Security Appliance C170, Email Security Appliance C190 and 5 more | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device. | |||||
| CVE-2021-1532 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability is due to insufficient path validation of command arguments. An attacker could exploit this vulnerability by sending a crafted command request to the xAPI. A successful exploit could allow the attacker to read the contents of any file that is located on the device filesystem. | |||||
| CVE-2021-1531 | 1 Cisco | 1 Modeling Labs | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the web application on the underlying operating system of an affected Cisco Modeling Labs server. This vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected server. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web application, virl2, on the underlying operating system of the affected server. To exploit this vulnerability, the attacker must have valid user credentials on the web UI. | |||||
| CVE-2021-1530 | 1 Cisco | 1 Broadworks Messaging Server | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a partial DoS condition on an affected system. There are workarounds that address this vulnerability. | |||||
| CVE-2021-1529 | 1 Cisco | 57 1000 Integrated Services Router, 1100-4g\/6g Integrated Services Router, 1100-4p Integrated Services Router and 54 more | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. | |||||
| CVE-2021-1528 | 1 Cisco | 19 Catalyst Sd-wan Manager, Sd-wan Vbond Orchestrator, Vedge 100 and 16 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user. | |||||
| CVE-2021-1527 | 1 Cisco | 1 Webex Player | 2024-11-21 | 5.8 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of values in Webex recording files that are stored in Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a malicious WRF file to a user as a link or email attachment and then persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the affected software and view memory state information. | |||||
| CVE-2021-1526 | 1 Cisco | 1 Webex Player | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
| CVE-2021-1525 | 1 Cisco | 2 Webex Meetings Online, Webex Meetings Server | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability by persuading a user to follow a specially crafted URL that is designed to cause Cisco Webex Meetings to include a remote file in the web UI. A successful exploit could allow the attacker to cause the application to offer a remote file to a user, which could allow the attacker to conduct further phishing or spoofing attacks. | |||||
| CVE-2021-1524 | 1 Cisco | 1 Meeting Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. A successful exploit could allow the attacker to cause all participants on a call to be disconnected, resulting in a DoS condition. | |||||
| CVE-2021-1523 | 1 Cisco | 10 Nexus 93120tx, Nexus 93128tx, Nexus 9332pq and 7 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in one or more leaf switches being removed from the fabric. This vulnerability is due to mishandling of ingress TCP traffic to a specific port. An attacker could exploit this vulnerability by sending a stream of TCP packets to a specific port on a Switched Virtual Interface (SVI) configured on the device. A successful exploit could allow the attacker to cause a specific packet queue to queue network buffers but never process them, leading to an eventual queue wedge. This could cause control plane traffic to be dropped, resulting in a denial of service (DoS) condition where the leaf switches are unavailable. Note: This vulnerability requires a manual intervention to power-cycle the device to recover. | |||||