Cisco patched a third vulnerability in the same devices (Catalyst PON switch CGP-ONT-1P, CGP-ONT-4P, CGP-ONT-4PV, CGP-ONT-4PVC, and CGP-ONT-4TVCW models) that could be exploited remotely without authentication to change the device's settings. Cisco also patched Webex, Umbrella, Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM), Unified Communications, Common Services Platform Collector (CSPC), Prime Access Registrar, and AnyConnect Secure Mobility Client for Windows for various medium-severity security flaws. The second flaw, CVE-2021-40113, affects the enterprise switches' web-based management interface and can be exploited remotely without requiring authentication. The vulnerability exists due to poor input validation of incoming email, and it does not require authentication to be exploited successfully. The vulnerability, identified as CVE-2021-40119 (CVSS 9.8), could allow an unauthenticated, remote attacker to log in as root on a vulnerable device. Cisco also released updates on Wednesday for a high-severity vulnerability (CVE-2021-34739, CVSS score 8.1) in small business switches, which might allow an attacker to remotely access a susceptible device by replaying valid user session credentials. Because static SSH keys are used across installations, an adversary might extract the keys from an attacker-controlled system and then use them to log in to a susceptible system. However, because these products have reached end-of-life, a couple of medium-severity issues discovered in Small Business 200, 300, and 500 series switches and RV series routers will remain unpatched.
A remote attacker might exploit a high-severity hole (CVE-2021-34741, CVSS score of 7.5) in AsyncOS software for Cisco Email Security Appliance (ESA) to cause a denial-of-service condition. The vulnerability would allow the attacker to gain control of the device. Cisco stated that none of the vulnerabilities have been exploited in the wild. The most severe of these weaknesses, according to Cisco, are CVE-2021-34795 and CVE-2021-40113 (CVSS 10.0), two flaws in Catalyst PON switches that might be exploited to log in to a susceptible device using unintentional debug credentials or perform unauthenticated command injection. Cisco also addressed a serious security issue in Policy Suite's key-based SSH authentication method this week. The issue allows an attacker to execute commands as root because user-supplied input isn't fully validated. CVE-2021-34795 exists in the Telnet service of Cisco Catalyst PON series switches ONT, according to the company, and could be used to create a Telnet session with the device using the default credentials. CVE-2021-40112 is the bug's identifier (CVSS 8.6).