How severe is CVE-2021-1243?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-1243?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2021-1243 - HIGH Severity | CVSS 7.5

Vulnerability Description

A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests.

Related Vulnerabilities

CVE-2010-2232

HIGH

CVSS:7.5(High)

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.

CWE-2842010

CVE-2012-4380

HIGH

CVSS:7.5(High)

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.

CWE-2842012

CVE-2013-2972

HIGH

CVSS:7.5(High)

IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM X-Force ID: 83868.

CWE-2842013

CVE-2014-3929

HIGH

CVSS:7.5(High)

The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys.

CWE-2842014

CVE-2014-3930

HIGH

CVSS:7.5(High)

lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credential...

CWE-2842014

CVE-2014-9504

HIGH

CVSS:7.5(High)

The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.

CWE-2842014