How severe is CVE-2021-1522?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2021-1522?

This is classified as CWE-255, which is a common weakness in software security.

CVE-2021-1522

MEDIUM Year: 2021

CVSS v3 Score

4.3

Medium

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-255

View all →

Vulnerability Description

A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability exists because a password policy check is incomplete at the time a password is changed at server side using the API. An attacker could exploit this vulnerability by sending a specially crafted API request to the affected device. A successful exploit could allow the attacker to change their own password to a value that does not comply with the configured strong authentication requirements.

CVE-2020-1978

MEDIUM

CVSS:4.4(Medium)

TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credenti...

CWE-2552020

CVE-2021-21522

MEDIUM

CVSS:4.4(Medium)

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetti...

CWE-2552021

CVE-2015-4400

MEDIUM

CVSS:4.6(Medium)

Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainS...

CWE-2552015

CVE-2016-3685

MEDIUM

CVSS:4.7(Medium)

SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration infor...

CWE-2552016

CVE-2016-1356

LOW

CVSS:3.7(Low)

Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing diff...

CWE-2552016

CVE-2016-8375

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical...

CWE-2552016

CVE-2021-1522

Vulnerability Description

Related Vulnerabilities

CVE-2020-1978

CVE-2021-21522

CVE-2015-4400

CVE-2016-3685

CVE-2016-1356

CVE-2016-8375