How severe is CVE-2021-34716?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2021-34716?

This is classified as CWE-460, which is a common weakness in software security.

CVE-2021-34716 - HIGH Severity | CVSS 7.2

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrect handling of certain crafted software images that are uploaded to the affected device. An attacker could exploit this vulnerability by authenticating to the system as an administrative user and then uploading specific crafted software images to the affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.

Related Vulnerabilities

CVE-2023-46393

HIGH

CVSS:7.5(High)

gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet.

CWE-4602023

CVE-2024-0316

HIGH

CVSS:7.5(High)

Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the con...

CWE-4602024

CVE-2025-30157

HIGH

CVSS:7.5(High)

Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the ex...

CWE-4602025

CVE-2022-4744

HIGH

CVSS:7.8(High)

A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This fl...

CWE-4602022

CVE-2017-9657

MEDIUM

CVSS:6.5(Medium)

Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central...

CWE-4602017

CVE-2025-32439

MEDIUM

CVSS:6.5(Medium)

pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spa...

CWE-4602025