CVE-2021-1616

MEDIUM Year: 2021
CVSS v3 Score
4.7
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-693
View all →

Vulnerability Description

A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. This vulnerability is due to insufficient data validation of traffic that is traversing the ALG. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device. A successful exploit could allow the attacker to bypass the ALG and open connections that should not be allowed to a remote device located behind the ALG. Note: This vulnerability has been publicly discussed as NAT Slipstreaming.

Related Vulnerabilities

CVE-2018-15423

MEDIUM
CVSS:4.7(Medium)

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to ins...

CWE-6932018

CVE-2023-29354

MEDIUM
CVSS:4.7(Medium)

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CWE-6932023

CVE-2024-26163

MEDIUM
CVSS:4.7(Medium)

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CWE-6932024

CVE-2024-39599

MEDIUM
CVSS:4.7(Medium)

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This lea...

CWE-6932024

CVE-2024-5691

MEDIUM
CVSS:4.7(Medium)

By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability...

CWE-6932024