What is CVE-2021-1540?

CVE-2021-1540 is a high-severity vulnerability in Cisco Asr 5000 Series Software, classified under Incorrect Authorization. CVSS score: 8.1/10. Published 2021-06-04.

How severe is CVE-2021-1540?

High severity. CVSS v3 base score is 8.1 out of 10.

Auth bypass in Cisco Asr 5000 Series Software

CVE-2021-1540

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more inf…

Vulnerability class: Broken Access Control

EPSS: 0.003 (49.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.

Affected products

Cisco Asr 5000 Series Software — versions n/a

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

20210602 Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2021-1540?: CVE-2021-1540 is a high-severity vulnerability in Cisco Asr 5000 Series Software, classified under Incorrect Authorization. CVSS score: 8.1/10. Published 2021-06-04.
How severe is CVE-2021-1540?: High severity. CVSS v3 base score is 8.1 out of 10.