CVE-2021-1600 HIGH

CVE-2021-1600: Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities

Vendor Cisco

Product Cisco Intersight Virtual Appliance

Weakness CWE-284

Published July 22, 2021

Last update November 7, 2024

View on NVD All CVEs

CVSS base score

8.3/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.

Key dates

02Disclosure timeline

July 22, 2021 CVE published

November 7, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-1600

Related vulnerabilities

CVE-2021-1600: Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities

01Description

02Disclosure timeline

03References

04Related CVE