How severe is CVE-2021-1376?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2021-1376?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2021-1376

MEDIUM Year: 2021

CVSS v3 Score

6.7

Medium

CVSS v2 Score

7.2

High

Weakness Type

CWE-347

View all →

Vulnerability Description

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2017-12331

MEDIUM

CVSS:6.7(Medium)

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-...

CWE-3472017

CVE-2017-12333

MEDIUM

CVSS:6.7(Medium)

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-...

CWE-3472017

CVE-2017-8190

MEDIUM

CVSS:6.7(Medium)

FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high priv...

CWE-3472017

CVE-2018-15374

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnera...

CWE-3472018

CVE-2019-12649

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on a...

CWE-3472019

CVE-2019-12662

MEDIUM

CVSS:6.7(Medium)

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service imag...

CWE-3472019

CVE-2021-1376

Vulnerability Description

Related Vulnerabilities

CVE-2017-12331

CVE-2017-12333

CVE-2017-8190

CVE-2018-15374

CVE-2019-12649

CVE-2019-12662