How severe is CVE-2021-1586?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2021-1586?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2021-1586

HIGH Year: 2021

CVSS v3 Score

8.6

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-345

View all →

Vulnerability Description

A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition. This vulnerability exists because TCP traffic sent to a specific port on an affected device is not properly sanitized. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port that is listening on a public-facing IP address for the Multi-Pod or Multi-Site configuration. A successful exploit could allow the attacker to cause the device to restart unexpectedly, resulting in a DoS condition.

CVE-2016-4553

HIGH

CVSS:8.6(High)

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via...

CWE-3452016

CVE-2016-4554

HIGH

CVSS:8.6(High)

mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smu...

CWE-3452016

CVE-2018-10080

HIGH

CVSS:8.6(High)

Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie.

CWE-3452018

CVE-2022-26122

HIGH

CVSS:8.6(High)

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker...

CWE-3452022

CVE-2025-1108

HIGH

CVSS:8.6(High)

Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploi...

CWE-3452025

CVE-2025-24903

HIGH

CVSS:8.5(High)

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0...

CWE-3452025

CVE-2021-1586

Vulnerability Description

Related Vulnerabilities

CVE-2016-4553

CVE-2016-4554

CVE-2018-10080

CVE-2022-26122

CVE-2025-1108

CVE-2025-24903