June 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2021-41167 – Node.js modern-async module
October 22, 2021
Rewterz Threat Advisory – Multiple Apache Vulnerabilities
October 22, 2021
Rewterz Threat Advisory – CVE-2021-41167 – Node.js modern-async module
October 22, 2021
Rewterz Threat Advisory – Multiple Apache Vulnerabilities
October 22, 2021
Severity
Medium
Analysis Summary
CVE-2021-34760
Cisco TelePresence Management Suite is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2021-34738
Cisco Identity Services Engine is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by web-based management interface. A remote attacker could exploit this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2021-40121
Cisco Identity Services Engine is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by web-based management interface. A remote attacker could exploit this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2021-1529
Cisco IOS XE SD-WAN Software could allow a local authenticated attacker to execute arbitrary commands on the system, caused by improper input validation by the system CLI. By sending specially-crafted input to the system CLI, an attacker could exploit this vulnerability to execute arbitrary commands on the underlying operating system with root privileges.
CVE-2021-34743
Cisco Webex Software Application is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to read data from that user’s profile. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Impact
- Cross-Site Scripting
- Command Execution
- Security Bypass
Affected Vendors
Cisco
Affected Products
- Cisco TelePresence Management Suite (TMS)
- Cisco Identity Services Engine 2.6
- Cisco Identity Services Engine 2.7
- Cisco Identity Services Engine 3.0
- Cisco IOS XE Software Cisco Cloud Services Router (CSR) 1000V Series
- Cisco IOS XE SD-WAN Software
- Cisco 1000 Series Integrated Services Routers (ISRs)
- Cisco 4000 Series ISRs
- Cisco ASR 1000 Series Aggregation Services Routers
- Cisco Catalyst 8000 Series Edge Platforms
- Cisco Webex Software
Remediation
Refer to Cisco Security Advisory for patch, upgrade, or suggested workaround information.
CVE-2021-34760
CVE-2021-34738
CVE-2021-40121
CVE-2021-1529
CVE-2021-34743
