Cisco Released Patches For Multiple Vulnerabilities Including Critical Holes In Catalyst PON (Cybers Guards)

The most serious of these vulnerabilities, according to Cisco, are CVE-2021-34795 and CVE-2021-40113 (CVSS 10.0), two flaws in Catalyst PON switches that could be exploited to log in to a vulnerable device using unintended debug credentials or to perform unauthenticated command injection. CVE-2021-34795 exists in the Telnet service of Cisco Catalyst PON Series Switches ONT, according to the company, and could be exploited to establish a Telnet session with the device using the default credentials. The vulnerability would allow the attacker to take control of the device. The second flaw, CVE-2021-40113, affects the enterprise switches' web-based management interface and can be exploited remotely without requiring authentication. The issue allows an attacker to execute commands as root because user-supplied input is not fully validated. Cisco patched a third vulnerability in the same devices (Catalyst PON Switch CGP-ONT-1P, CGP-ONT-4P, CGP-ONT-4PV, CGP-ONT-4PVC, and CGP-ONT-4TVCW models) that could be exploited remotely without authentication to change the device's settings. The bug's identifier is CVE-2021-40112 (CVSS 8.6). Cisco also addressed a serious security issue in Policy Suite's key-based SSH authentication method this week. The vulnerability, identified as CVE-2021-40119 (CVSS 9.8), could allow an unauthenticated, remote attacker to log in as root on a vulnerable device. Because static SSH keys are reused across installations, an adversary could extract the keys from a system under their control and then use them to log in to a vulnerable system.
Cisco also released updates on Wednesday for a high-severity vulnerability (CVE-2021-34739, CVSS score 8.1) in Small Business switches, which could allow an attacker to remotely access a vulnerable device by replaying valid user session credentials. A remote attacker could exploit a high-severity hole (CVE-2021-34741, CVSS score 7.5) in AsyncOS software for Cisco Email Security Appliance (ESA) to cause a denial-of-service condition. The vulnerability is due to insufficient input validation of incoming emails, and it does not require authentication to be exploited successfully. Cisco also patched Webex, Umbrella, Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM), Unified Communications, Common Services Platform Collector (CSPC), Prime Access Registrar, and AnyConnect Secure Mobility Client for Windows for various medium-severity security flaws. However, because these products have reached end-of-life, a couple of medium-severity issues found in Small Business 200, 300, and 500 Series switches and RV Series routers will remain unpatched. Cisco says that none of the vulnerabilities have been exploited in the wild.
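The Policy Suite flaw above turns on one condition: the same SSH key material appears on every installation, so a key pulled from one box opens all the others. The generic check a practitioner would run for that condition, on this or any product, is to collect the root account's authorized_keys from each installation and look for fingerprints that recur across hosts. The script below is an added example, not Cisco's code or anything from the advisory; the hostnames, the authorized_keys contents and the key blobs are all constructed (the blobs are synthetic bytes, not real keys). The same fingerprint comparison applied to `ssh-keyscan` output finds shared host keys instead.

```python
import base64
import hashlib
from collections import defaultdict

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def constructed_blob(keytype: str, seed: bytes) -> str:
    """Synthetic key blob (length-prefixed type + 32 pseudo-random bytes), base64 encoded.
    Constructed for this example only; it is not a usable SSH key."""
    kt = keytype.encode("ascii")
    blob = len(kt).to_bytes(4, "big") + kt + hashlib.sha256(seed).digest()
    return base64.b64encode(blob).decode("ascii")


# Constructed sample: /root/.ssh/authorized_keys as collected from three
# installations. Hosts A and C deliberately carry the same entry, modelling a
# key that shipped with the software instead of being generated per install.
SAMPLE_AUTHORIZED_KEYS = {
    "pcrf-a.example.internal": [
        "# root authorized_keys, collected from installation A",
        f"ssh-rsa {constructed_blob('ssh-rsa', b'shipped-static-key')} root@build-host",
    ],
    "pcrf-b.example.internal": [
        f"from=\"10.0.0.0/8\" ssh-rsa {constructed_blob('ssh-rsa', b'unique-key-b')} admin@b",
    ],
    "pcrf-c.example.internal": [
        f"ssh-rsa {constructed_blob('ssh-rsa', b'shipped-static-key')} root@build-host",
        f"ssh-ed25519 {constructed_blob('ssh-ed25519', b'operator-c')} operator@c",
    ],
}


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + base64(sha256(raw blob)) without '=' padding."""
    raw = base64.b64decode(key_b64)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_authorized_keys(lines):
    """Yield (keytype, key_b64) for each key line, skipping comments and blanks.
    Leading options (from=..., command=...) are tolerated as long as they contain
    no embedded spaces; a full authorized_keys parser would handle quoted spaces."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        for i, tok in enumerate(tokens[:-1]):
            if tok in KEY_TYPES:
                yield tok, tokens[i + 1]
                break


def find_shared_keys(keys_by_host):
    """Map fingerprint -> sorted list of hosts, keeping only keys present on more
    than one host. Any hit is a key that lets one compromised installation
    authenticate to the others."""
    hosts_by_fp = defaultdict(set)
    for host, lines in keys_by_host.items():
        for _keytype, key_b64 in parse_authorized_keys(lines):
            hosts_by_fp[fingerprint(key_b64)].add(host)
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}


if __name__ == "__main__":
    for fp, hosts in find_shared_keys(SAMPLE_AUTHORIZED_KEYS).items():
        print(f"{fp} authorizes root on: {', '.join(hosts)}")
```

In a real sweep the dictionary would be filled from each installation's authorized_keys (and the host's own key pairs under /etc/ssh) rather than constructed; any fingerprint the script reports on more than one host should be rotated and the offending public key removed everywhere it appears.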