1098 matches found
CVE-2021-1618
CVE-2021-1618 affects Cisco Intersight Virtual Appliance. Vulnerabilities in the web-based management interface allow authenticated, remote attackers to perform path traversal or command injection due to insufficient input validation. Impact per sources: reads/writes of arbitrary files and possib...
CVE-2021-1618 Cisco Intersight Virtual Appliance Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An...
Cisco Integrated Management Controller Command Injection (cisco-sa-CIMC-CIV-pKDBe9x5)
According to its self-reported version, Cisco Integrated Management Controller (IMC) is affected by a vulnerability in the web UI that allows an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due ...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not...
CVE-2021-1607 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not...
CVE-2021-1575 Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not...
Cisco Data Center Network Manager Authorization Bypass Vulnerabilities (cisco-sa-dcnm-authbypass-OHBPbxu)
The version of Cisco Data Center Network Manager installed on the remote host is prior to 11.51. It is, therefore, affected by multiple vulnerabilities in the web-based management interface. A remote, authenticated attacker can exploit these to view, modify, and delete data without proper...
Cisco SD-WAN vManage Software Path Traversal (cisco-sa-vman-pathtrav-Z5mCVsjf)
According to its self-reported version, Cisco SD-WAN vManage Software is affected by a vulnerability in the web-based management interface due to insufficient validation of HTTP requests. An authenticated, remote attacker can exploit this, by sending crafted HTTP requests, in order to conduct pat...
CVE-2021-1571
CVE-2021-1571 affects Cisco Small Business 220 Series Smart Switches’ web-based management interface. The issue stems from improper checks of parameter values, enabling multiple vulnerabilities: session hijacking, potential arbitrary command execution as root, cross-site scripting (XSS), and HTML...
Command injection
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper...
CVE-2021-1358
CVE-2021-1358 affects Cisco Finesse’s web-based management interface. The flaw is an open redirect caused by improper validation of URL parameters in HTTP requests, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and be redirected to a malicious URL. Exploi...
CVE-2021-1254
Cisco Finesse’s web-based management interface contains cross-site scripting (XSS) vulnerabilities due to insufficient validation of user-supplied input. An authenticated attacker with administrator credentials can inject malicious scripts, potentially persuading users to click malicious links an...
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper...
Cisco Unified Communications Manager XSS (cisco-sa-cucm-xss-Q4PZcNzJ)
The version of Cisco Unified Communications Manager installed on the remote host is prior to version 14. It is, therefore, affected by multiple cross-site scripting vulnerabilities. Multiple vulnerabilities in the web-based management interface of Cisco Unified CM could allow an unauthenticated,...
CVE-2021-1499
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerabilit...
CVE-2021-1400
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more informatio...
CVE-2021-1397 Cisco Integrated Management Controller Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An...
CVE-2021-1401 Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more informatio...
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more informatio...
CVE-2021-1497
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Recent...