What is CVE-2021-1572?

CVE-2021-1572 is a high-severity vulnerability in Cisco Confd, classified under Incorrect Privilege Assignment. CVSS score: 7.8/10. Published 2021-08-04.

How severe is CVE-2021-1572?

High severity. CVSS v3 base score is 7.8 out of 10.

Privilege escalation in Cisco Confd

CVE-2021-1572

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a va…

EPSS: 0.001 (28.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Confd — versions n/a

Weakness classification (CWE)

CWE-266 — Incorrect Privilege Assignment

References

20210804 Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability (vendor-advisory, x_refsource_CISCO)
20210804 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2021-1572?: CVE-2021-1572 is a high-severity vulnerability in Cisco Confd, classified under Incorrect Privilege Assignment. CVSS score: 7.8/10. Published 2021-08-04.
How severe is CVE-2021-1572?: High severity. CVSS v3 base score is 7.8 out of 10.