Cisco Released Patches For Multiple Vulnerabilities Including Critical Holes In Catalyst PON - Cybers Guards

Cisco also released an update on Wednesday for a high-severity vulnerability (CVE-2021-34739, CVSS score 8.1) in small business switches, which could allow an attacker to remotely access a vulnerable device by replaying valid user session credentials. A remote attacker could exploit a high-severity hole (CVE-2021-34741, CVSS score of 7.5) in AsyncOS software for Cisco Email Security Appliance (ESA) to cause a denial-of-service scenario. The vulnerability, identified as CVE-2021-40119 (CVSS 9.8), could allow an unauthenticated, remote attacker to log in as root on a vulnerable device. The vulnerability would allow the attacker to gain control of the device. Cisco also patched Webex, Umbrella, Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM), Unified Communications, Common Services Platform Collector (CSPC), Prime Access Registrar, and AnyConnect Secure Mobility Client for Windows for several medium-severity security defects. However, because these products have reached end-of-life, a pair of medium-severity issues discovered in Small Business 200, 300, and 500 series switches and RV series routers will remain unpatched. Cisco also addressed a serious security issue in Policy Suite's key-based SSH authentication method this week. Cisco states that none of the vulnerabilities have been exploited in the wild. The issue allows an attacker to execute commands as root because user-supplied input isn't fully validated. The second flaw, CVE-2021-40113, affects the enterprise switches' web-based management interface and can be exploited remotely without requiring authentication.
The most serious of these weaknesses, according to Cisco, are CVE-2021-34795 and CVE-2021-40113 (CVSS 10.0), two flaws in Catalyst PON switches that could be exploited to log in to a vulnerable device using unintentional debug credentials or to perform unauthenticated command injection. CVE-2021-40112 is the bug's identifier (CVSS 8.6). Cisco patched a third vulnerability in the same devices (Catalyst PON switch CGP-ONT-1P, CGP-ONT-4P, CGP-ONT-4PV, CGP-ONT-4PVC, and CGP-ONT-4TVCW types) that could be abused remotely without authentication to change the device's configuration. CVE-2021-34795 exists in the Telnet service of Cisco Catalyst PON series switches ONT, according to the company, and could be used to establish a Telnet session with the device using the default credentials. Because static SSH keys are used across installations, an adversary could extract the keys from an attacker-controlled system and then use them to log in to a vulnerable system. The vulnerability is due to poor input validation of incoming emails, and it does not require authentication to be exploited successfully.
