Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities on an affected system to take control of system, cause a denial of service (DoS) condition or perform a command injection attack.

These updates include fixes for high severity vulnerabilities:

• Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability – CVE-2021-34698;

• Cisco Intersight Virtual Appliance Command Injection Vulnerability – CVE-2021-34748;

• Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities – CVE-2021-34775, CVE-2021-34776, CVE-2021-34777;

• Cisco Identity Services Engine Privilege Escalation Vulnerability – CVE-2021-1594;

• Cisco ATA 190 Series Analog Telephone Adapter Software command injection attack vulnerabilities – CVE-2021-34710, CVE-2021-34735;

• Cisco AnyConnect Secure Mobility Client for Linux and Mac OS Shared Library Hijacking Vulnerability – CVE-2021-34788.

Cisco has also released patches for several medium severity vulnerabilities in its products. Details on all of the addressed vulnerabilities are available on Cisco’s security portal – cisco.com.