CVE-2021-1601
Published 2021-07-22
CVE-2021-1601: Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an…
Priority: P3 44 | high | 8.3 CVSS 3.1
AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
EPSS: 0.40% (32.0th percentile)
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_intersight_virtual_appliance | — | — |
| cisco | intersight_virtual_appliance | — | — |
| cisco | intersight_virtual_appliance_ipv4_and_ipv6_forwarding | — | — |
CVSS provenance
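| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.3 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H |
| nvd | v2.0 | 5.8 | MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | — | 8.3 | HIGH | — |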
Cisco
Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
vendor_cisco·2021-07-21·CVSS 8.3
CVE-2021-1600 [HIGH] CWE-284 Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface.
These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory i
Cisco
Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2021-1601 Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
CVE-2021-1601: Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device. Cisco has released software updates that address these vulnerabilities. There are no
CVSS: 3.1
CWE: CWE-284, CWE-284
Bug IDs: CSCvx844
GHSA
GHSA-fxvh-v448-8246: Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services
ghsa_unreviewed·2022-05-24
CVE-2021-1601 [HIGH] CWE-287 GHSA-fxvh-v448-8246: Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-07-22