Vulnerability Details : CVE-2021-1601
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2021-1601
- cpe:2.3:a:cisco:intersight_virtual_appliance:1.0\(1\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-1601
- 0.06%: Probability of exploitation activity in the next 30 days
- ~ 23%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-1601
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:P | 6.5 | 6.4 | NIST | |
8.3 | HIGH | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H | 2.8 | 5.5 | Cisco Systems, Inc. | |
8.3 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H | 2.8 | 5.5 | NIST | |
CWE ids for CVE-2021-1601
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2021-1601
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8
  Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities (Patch; Vendor Advisory)