How severe is CVE-2021-1435?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.6 out of 10.

What type of vulnerability is CVE-2021-1435?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2021-1435 - MEDIUM Severity | CVSS 6.6

Vulnerability Description

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Related Vulnerabilities

CVE-2018-2380

MEDIUM

CVSS:6.6(Medium)

SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are...

CWE-222018

CVE-2024-12083

MEDIUM

CVSS:6.6(Medium)

Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to perform unauthorized access and to execute unauthorized code ...

CWE-222024

CVE-2024-23772

MEDIUM

CVSS:6.6(Medium)

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This ...

CWE-222024

CVE-2024-47309

MEDIUM

CVSS:6.6(Medium)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Condless Cities Shipping Zones for WooCommerce allows PHP Local File Inclusion.This issue affects Cities...

CWE-222024

CVE-2025-0694

MEDIUM

CVSS:6.6(Medium)

Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access.

CWE-222025

CVE-2025-0750

MEDIUM

CVSS:6.6(Medium)

A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to un...

CWE-222025