How severe is CVE-2021-1442?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2021-1442?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2021-1442

HIGH Year: 2021

CVSS v3 Score

7.0

High

CVSS v2 Score

6.9

Medium

Weakness Type

CWE-532

View all →

Vulnerability Description

A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of sensitive information. An attacker with low privileges could exploit this vulnerability by issuing the diagnostic CLI show pnp profile when a specific PnP listener is enabled on the device. A successful exploit could allow the attacker to obtain a privileged authentication token. This token can be used to send crafted PnP messages and execute privileged commands on the targeted system.

CVE-2018-18466

HIGH

CVSS:7.0(High)

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in th...

CWE-5322018

CVE-2020-6295

HIGH

CVSS:7.0(High)

Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log file...

CWE-5322020

CVE-2022-20806

HIGH

CVSS:7.1(High)

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker...

CWE-5322022

CVE-2024-24272

HIGH

CVSS:7.1(High)

An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed ...

CWE-5322024

CVE-2024-28186

HIGH

CVSS:7.1(High)

FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization ...

CWE-5322024

CVE-2025-20231

HIGH

CVSS:7.1(High)

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not ...

CWE-5322025

CVE-2021-1442

Vulnerability Description

Related Vulnerabilities

CVE-2018-18466

CVE-2020-6295

CVE-2022-20806

CVE-2024-24272

CVE-2024-28186

CVE-2025-20231