How severe is CVE-2021-1361?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2021-1361?

This is classified as CWE-552, which is a common weakness in software security.

CVE-2021-1361 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing.

Related Vulnerabilities

CVE-2018-10867

CRITICAL

CVSS:9.1(Critical)

Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.

CWE-5522018

CVE-2020-15175

CRITICAL

CVSS:9.1(Critical)

In GLPI before version 9.5.2, the `pluginimage.send.php` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for ...

CWE-5522020

CVE-2020-17519

CRITICAL

CVSS:9.1(Critical)

A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the Job...

CWE-5522020

CVE-2023-31066

CRITICAL

CVSS:9.1(Critical)

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong coul...

CWE-5522023

CVE-2024-21403

CRITICAL

CVSS:9.0(Critical)

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CWE-5522024

CVE-2021-20182

HIGH

CVSS:8.8(High)

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to th...

CWE-5522021