Vulnerability Description
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Application Services Engine | >= 1.1, < 1.1\(3e\) |
| Cisco | Application Policy Infrastructure Controller | 1.1.3 |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cVendor Advisory
FAQ
What is CVE-2021-1396?
CVE-2021-1396 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information...
How severe is CVE-2021-1396?
CVE-2021-1396 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-1396?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Application Services Engine, Cisco Application Policy Infrastructure Controller.