Design/Logic Flaw
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affecte...
Cisco Identity Services Engine Sensitive Information Disclosure (cisco-sa-ise-info-disc-pNXtLhdp)
According to its self-reported version, Cisco Identity Services Engine Software is affected by a sensitive information disclosure vulnerability in the web-based management interface due to improper enforcement of administrator privilege levels for low-value sensitive data. An authenticated, remote...
CVE-2021-34748 Cisco Intersight Virtual Appliance Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this...
CVE-2021-34772
The CVE-2021-34772 issue affects Cisco Orbital’s web-based management interface and is an open redirect caused by improper validation of URL paths. An unauthenticated, remote attacker can persuade a user to click a crafted URL, leading to the user being redirected to a malicious webpage. The vuln...
CVE-2021-34712 Cisco SD-WAN vManage Software Cypher Query Language Injection Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...
Cisco SD-WAN vManage Software Cypher Query Language Injection (cisco-sa-sd-wan-jOsuRJCc)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an...
CVE-2021-34732
Cisco Prime Collaboration Provisioning’s web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient validation of user-supplied input. An unauthenticated, remote attacker can coax a user to click a crafted link, allowing arbitrary script execution within the us...
CVE-2021-34732 Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input...
Multiple Vulnerabilities in Cisco Small Business RV340 and Cisco Small Business
The Cisco Small Business RV340 and the Cisco Small Business are both products of Cisco, Inc. The Cisco Small Business RV340 is a router, a hardware device that connects two or more networks and acts as a gateway between networks. Cisco Small Business is a...
Critical flaws in Cisco’s Small Business RV Series VPN routers
THREAT LEVEL: Amber. Cisco has patched serious vulnerabilities that might be exploited by sending maliciously crafted HTTP requests to the web-based management interfaces of vulnerable Small Business RV Series Routers. However, the remote...
CVE-2021-1610
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: execute arbitrary code; cause a denial of service (DoS) condition; execute arbitrary commands. For more...
Design/Logic Flaw
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: execute arbitrary code; cause a denial of service (DoS) condition; execute arbitrary commands. For more...
CVE-2021-1610
CVE-2021-1610 affects Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The vulnerability exists in the web-based management interface and can allow an authenticated attacker with root privileges to execute arbitrary commands on the device. Cisco’s advisory notes...
CVE-2021-1602 Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to...
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to...
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Multiple Vulnerabilities (cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy)
According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by multiple vulnerabilities: - A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an...
CVE-2021-1618
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An...
CVE-2021-1617 Cisco Intersight Virtual Appliance Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An...