How severe is CVE-2021-34724?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2021-34724?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2021-34724 - MEDIUM Severity | CVSS 6

Vulnerability Description

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user. This vulnerability is due to insufficient file system protection and the presence of a sensitive file in the bootflash directory on an affected device. An attacker could exploit this vulnerability by overwriting an installer file stored in the bootflash directory with arbitrary commands that can be executed with root-level privileges. A successful exploit could allow the attacker to read and write changes to the configuration database on the affected device.

Related Vulnerabilities

CVE-2020-3503

MEDIUM

CVSS:6.0(Medium)

A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vuln...

CWE-2842020

CVE-2023-31346

MEDIUM

CVSS:6.0(Medium)

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.

CWE-2842023

CVE-2024-28016

MEDIUM

CVSS:6.0(Medium)

Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, ...

CWE-2842024

CVE-2024-30211

MEDIUM

CVSS:6.0(Medium)

Improper access control in some Intel(R) ME driver pack installer engines before version 2422.6.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-2842024

CVE-2024-40825

MEDIUM

CVSS:6.0(Medium)

The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files.

CWE-2842024

CVE-2025-21573

MEDIUM

CVSS:6.0(Medium)

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0...

CWE-2842025