CVE-2021-1601

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.

Published: Jul 22, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-1601
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.3
AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5.8
AV:A/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / intersight_virtual_appliance	1.0(1)	1.0(1).x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8

Vulnerability Database

289,599

CVE-2021-1601