How severe is CVE-2021-1227?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2021-1227?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2021-1227 - HIGH Severity | CVSS 8.1

Vulnerability Description

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default.

Related Vulnerabilities

CVE-2015-9455

HIGH

CVSS:8.1(High)

The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.

CWE-3522015

CVE-2017-1000504

HIGH

CVSS:8.1(High)

A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after ...

CWE-3522017

CVE-2017-8099

HIGH

CVSS:8.1(High)

There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request.

CWE-3522017

CVE-2017-9963

HIGH

CVSS:8.1(High)

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 ...

CWE-3522017

CVE-2018-1000414

HIGH

CVSS:8.1(High)

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing con...

CWE-3522018

CVE-2018-1000417

HIGH

CVSS:8.1(High)

A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates.

CWE-3522018