How severe is CVE-2021-1594?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2021-1594?

This is classified as CWE-266, which is a common weakness in software security.

CVE-2021-1594 - HIGH Severity | CVSS 8.1

Vulnerability Description

A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting and modifying specific internode communications from one ISE persona to another ISE persona. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying operating system. To exploit this vulnerability, the attacker would need to decrypt HTTPS traffic between two ISE personas that are located on separate nodes.

Related Vulnerabilities

CVE-2018-1088

HIGH

CVSS:8.1(High)

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by s...

CWE-2662018

CVE-2023-47140

HIGH

CVSS:8.1(High)

IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls.

CWE-2662023

CVE-2024-11073

MEDIUM

CVSS:8.1(High)

A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. This affects an unknown part of the file /vm/patient/delete-account.php. The manipulation of ...

CWE-2662024

CVE-2024-11485

MEDIUM

CVSS:8.1(High)

A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Affected by this issue is some unknown functionality of the file /decoration/admin/use...

CWE-2662024

CVE-2024-27273

HIGH

CVSS:8.1(High)

IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may le...

CWE-2662024

CVE-2025-0802

MEDIUM

CVSS:8.1(High)

A vulnerability classified as critical was found in SourceCodester Best Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/View_user.php of t...

CWE-2662025