cisco intersight-virtual-appliance CVE-2021-1601 is a vulnerability in Cisco Intersight Virtual Appliance
Published on July 22, 2021

Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2021-1601 has been classified to as an Authorization vulnerability or weakness.


Products Associated with CVE-2021-1601

Want to know whenever a new CVE is published for Cisco Intersight Virtual Appliance? stack.watch will email you.

Cisco Intersight Virtual Appliance
 

Affected Versions

Cisco Intersight Virtual Appliance Version n/a is affected by CVE-2021-1601

Exploit Probability

EPSS
0.11%
Percentile
28.78%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.