CVE-2021-34735
CVE-2021-34735 is a high-severity vulnerability in Cisco Ata 190 Firmware with a CVSS 3.x base score of 8.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-770.
Key facts
- Severity: High (CVSS 3.x base score 8.8)
- CVSS v2: 7.8
- EPSS exploit prediction: 2% (77th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-770
- Affected product: Cisco Ata 190 Firmware
- Published:
- Last modified:
Description
Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Frequently asked questions
- What is CVE-2021-34735?
- Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
- How severe is CVE-2021-34735?
- CVE-2021-34735 has a CVSS 3.x base score of 8.8, rated high severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2021-34735 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (77th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2021-34735?
- CVE-2021-34735 primarily affects Cisco Ata 190 Firmware. In total, 3 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2021-34735?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2021-34735 published?
- CVE-2021-34735 was published on 2021-10-06 and last updated on 2026-06-17.
References
Affected products (3)
- cpe:2.3:o:cisco:ata_190_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ata_191_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ata_192_firmware:-:*:*:*:*:*:*:*
More vulnerabilities in Cisco Ata 190 Firmware
- CVE-2021-34710 — High (CVSS 8.8): Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to…
- CVE-2022-20691 — Medium (CVSS 5.3): A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter…
- CVE-2022-20690 — Medium (CVSS 5.3): Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter…
- CVE-2022-20689 — Medium (CVSS 5.3): Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter…
- CVE-2022-20688 — Medium (CVSS 5.3): A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware…
- CVE-2022-20687 — Medium (CVSS 5.3): Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog…
All CVEs affecting Cisco Ata 190 Firmware →
Other CWE-770 (Allocation of Resources Without Limits or Throttling) vulnerabilities
- CVE-2026-31283 — Critical (CVSS 9.8): In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email…
- CVE-2020-37067 — Critical (CVSS 9.8): Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers…
- CVE-2021-47875 — Critical (CVSS 9.8): GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the…
- CVE-2025-11832 — Critical (CVSS 9.8): Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access…
- CVE-2024-44241 — Critical (CVSS 9.8): The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia…
- CVE-2022-3439 — Critical (CVSS 9.8): Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0.
Browse all CWE-770 (Allocation of Resources Without Limits or Throttling) vulnerabilities →