The most critical of these vulnerabilities, according to Cisco, are CVE-2021-34795 and CVE-2021-40113 (CVSS 10.0), two flaws in Catalyst PON switches that could be exploited to log in to a vulnerable device using unintentional debug credentials or to perform unauthenticated command injection. CVE-2021-34795 exists in the Telnet service of Cisco Catalyst PON series switches ONT, according to the company, and could be used to establish a Telnet session with the device using the default credentials. The vulnerability would allow the attacker to take control of the appliance. The second flaw, CVE-2021-40113, affects the enterprise switches' web-based management interface and can be exploited remotely without authentication. The issue allows an attacker to execute commands as root because user-supplied input isn't fully validated.

Cisco patched a third vulnerability in the same devices (Catalyst PON switch CGP-ONT-1P, CGP-ONT-4P, CGP-ONT-4PV, CGP-ONT-4PVC, and CGP-ONT-4TVCW models) that could be abused remotely without authentication to change the device's settings. CVE-2021-40112 is the bug's identifier (CVSS 8.6).

Cisco also addressed a critical security issue in Policy Suite's key-based SSH authentication mechanism this week. The vulnerability, identified as CVE-2021-40119 (CVSS 9.8), could allow an unauthenticated, remote attacker to log in as root on a vulnerable device. Because static SSH keys are used across installations, an adversary might extract the keys from an attacker-controlled system and then use them to log in to a vulnerable system.

Cisco also released updates on Wednesday for a high-severity vulnerability (CVE-2021-34739, CVSS score 8.1) in small business switches, which might allow an attacker to remotely access a vulnerable device by replaying valid user session credentials.
A remote attacker might exploit a high-severity hole (CVE-2021-34741, CVSS score of 7.5) in AsyncOS software for Cisco Email Security Appliance (ESA) to cause a denial-of-service condition. The vulnerability exists due to poor input validation of incoming email, and it does not require authentication to be exploited successfully.

Cisco also patched Webex, Umbrella, Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM), Unified Communications, Common Services Platform Collector (CSPC), Prime Access Registrar, and AnyConnect Secure Mobility Client for Windows for several medium-severity security flaws. However, a couple of medium-severity issues found in Small Business 200, 300, and 500 series switches and RV series routers will remain unpatched because these products have reached end-of-life.

Cisco stated that none of the vulnerabilities have been exploited in the wild.
Cisco Released Patches For Multiple Vulnerabilities Including Critical Holes In Catalyst PON - Cybers Guards