How severe is CVE-2021-34773?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-34773?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2021-34773 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts.

Related Vulnerabilities

CVE-2004-1995

MEDIUM

CVSS:6.5(Medium)

Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm.

CWE-3522004

CVE-2005-1674

MEDIUM

CVSS:6.5(Medium)

Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php.

CWE-3522005

CVE-2005-2059

MEDIUM

CVSS:6.5(Medium)

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow r...

CWE-3522005

CVE-2009-3022

MEDIUM

CVSS:6.5(Medium)

Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change conten...

CWE-3522009

CVE-2011-3609

MEDIUM

CVSS:6.5(Medium)

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP ...

CWE-3522011

CVE-2011-5250

MEDIUM

CVSS:6.5(Medium)

Snare for Linux before 1.7.0 has CSRF in the web interface.

CWE-3522011