How severe is CVE-2021-3418?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2021-3418?

This is classified as CWE-281, which is a common weakness in software security.

CVE-2021-3418 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism.

Related Vulnerabilities

CVE-2023-25646

MEDIUM

CVSS:6.4(Medium)

There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated ...

CWE-2812023

CVE-2019-11748

MEDIUM

CVSS:6.5(Medium)

WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in o...

CWE-2812019

CVE-2019-15621

MEDIUM

CVSS:6.5(Medium)

Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.

CWE-2812019

CVE-2019-16539

MEDIUM

CVSS:6.5(Medium)

A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles.

CWE-2812019

CVE-2019-6791

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with vi...

CWE-2812019

CVE-2019-6995

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are ab...

CWE-2812019