How severe is CVE-2021-1233?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2021-1233?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2021-1233 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device.

Related Vulnerabilities

CVE-2015-5208

MEDIUM

CVSS:4.4(Medium)

Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.

CWE-202015

CVE-2015-7509

MEDIUM

CVSS:4.4(Medium)

fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.

CWE-202015

CVE-2015-8552

MEDIUM

CVSS:4.4(Medium)

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN message...

CWE-202015

CVE-2016-6246

MEDIUM

CVSS:4.4(Medium)

OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) d...

CWE-202016

CVE-2016-7907

MEDIUM

CVSS:4.4(Medium)

The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to...

CWE-202016

CVE-2017-0164

MEDIUM

CVSS:4.4(Medium)

A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Serv...

CWE-202017