How severe is CVE-2021-1398?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2021-1398?

This is classified as CWE-489, which is a common weakness in software security.

CVE-2021-1398 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due to incorrect validations of specific function arguments that are passed to the boot script. An attacker could exploit this vulnerability by tampering with a specific file, which an affected device would process during the initial boot process. On systems that are protected by the Unified Extensible Firmware Interface (UEFI) secure boot feature, a successful exploit could allow the attacker to execute unsigned code at boot time and bypass the image verification check in the secure boot process of the affected device.

Related Vulnerabilities

CVE-2020-8320

MEDIUM

CVSS:6.8(Medium)

An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.

CWE-4892020

CVE-2024-30219

MEDIUM

CVSS:6.8(Medium)

Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended o...

CWE-4892024

CVE-2024-41999

MEDIUM

CVSS:6.8(Medium)

Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the de...

CWE-4892024

CVE-2024-53648

HIGH

CVSS:6.8(Medium)

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.90), SIPROTEC 5 6MD86 (CP20...

CWE-4892024

CVE-2024-7756

MEDIUM

CVSS:6.8(Medium)

A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell.

CWE-4892024

CVE-2025-2919

HIGH

CVSS:6.8(Medium)

A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activat...

CWE-4892025