How severe is CVE-2021-3054?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.6 out of 10.

What type of vulnerability is CVE-2021-3054?

This is classified as CWE-367, which is a common weakness in software security.

CVE-2021-3054 - MEDIUM Severity | CVSS 6.6

Vulnerability Description

A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7; PAN-OS 10.1 versions earlier than PAN-OS 10.1.2. This issue does not affect Prisma Access.

Related Vulnerabilities

CVE-2020-25860

MEDIUM

CVSS:6.6(Medium)

The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the fil...

CWE-3672020

CVE-2021-33097

MEDIUM

CVSS:6.6(Medium)

Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access.

CWE-3672021

CVE-2022-28743

MEDIUM

CVSS:6.6(Medium)

Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1.13.1.6, and Application FW <= 2.91.2.66, allows an authenticated remote attacker with admi...

CWE-3672022

CVE-2024-39821

MEDIUM

CVSS:6.6(Medium)

Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access.

CWE-3672024

CVE-2019-7307

MEDIUM

CVSS:6.5(Medium)

Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.x...

CWE-3672019

CVE-2024-2913

MEDIUM

CVSS:6.5(Medium)

A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple...

CWE-3672024