How severe is CVE-2021-1354?

This vulnerability has a severity rating of LOW with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2021-1354?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2021-1354 - LOW Severity | CVSS 3.5

Vulnerability Description

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.

Related Vulnerabilities

CVE-2016-1000033

LOW

CVSS:3.7(Low)

Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.

CWE-2952016

CVE-2016-9015

LOW

CVSS:3.7(Low)

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the li...

CWE-2952016

CVE-2017-15528

LOW

CVSS:3.7(Low)

Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the pub...

CWE-2952017

CVE-2019-1552

LOW

CVSS:3.3(Low)

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDI...

CWE-2952019

CVE-2019-4150

LOW

CVSS:3.7(Low)

IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) a...

CWE-2952019

CVE-2019-4654

LOW

CVSS:3.7(Low)

IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-F...

CWE-2952019