How severe is CVE-2021-1388?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 10 out of 10.

What type of vulnerability is CVE-2021-1388?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2021-1388 - CRITICAL Severity | CVSS 10

Vulnerability Description

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices.

Related Vulnerabilities

CVE-2018-4310

CRITICAL

CVSS:10.0(Critical)

An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.

CWE-2692018

CVE-2020-27655

CRITICAL

CVSS:10.0(Critical)

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

CWE-2692020

CVE-2022-24783

CRITICAL

CVSS:10.0(Critical)

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in...

CWE-2692022

CVE-2024-6240

CRITICAL

CVSS:10.0(Critical)

Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV enviro...

CWE-2692024

CVE-2025-0505

CRITICAL

CVSS:10.0(Critical)

On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary...

CWE-2692025

CVE-2020-15149

CRITICAL

CVSS:9.9(Critical)

NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially c...

CWE-2692020