How severe is CVE-2021-40123?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-40123?

This is classified as CWE-266, which is a common weakness in software security.

CVE-2021-40123 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. A successful exploit could allow the attacker to download files that should be restricted.

Related Vulnerabilities

CVE-2020-26182

MEDIUM

CVSS:6.5(Medium)

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' re...

CWE-2662020

CVE-2021-1412

MEDIUM

CVSS:6.5(Medium)

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to imp...

CWE-2662021

CVE-2022-1225

MEDIUM

CVSS:6.5(Medium)

Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.

CWE-2662022

CVE-2022-20782

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. Thi...

CWE-2662022

CVE-2022-20819

MEDIUM

CVSS:6.5(Medium)

CWE-2662022

CVE-2022-3826

MEDIUM

CVSS:6.5(Medium)

A vulnerability was found in Huaxia ERP. It has been classified as problematic. This affects an unknown part of the file /depotHead/list of the component Retail Management. The manipulation of the arg...

CWE-2662022