Rewterz Threat Advisory – CVE-2021-1230 – Cisco Nexus 9000 Series Fabric Switches denial of service
February 26, 2021Rewterz Threat Advisory – Microsoft Remote Desktop Web Access information disclosure
March 1, 2021Rewterz Threat Advisory – CVE-2021-1230 – Cisco Nexus 9000 Series Fabric Switches denial of service
February 26, 2021Rewterz Threat Advisory – Microsoft Remote Desktop Web Access information disclosure
March 1, 2021Severity
High
Analysis Summary
CVE-2021-22661
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password.
Impact
- Privilege escalation
- Access Controls
Affected Vendors
ProSoft Technology
Affected Products
- ICX35-HWC-A Versions 1.9.62 and prior
- ICX35-HWC-E Versions 1.9.62 and prior
Remediation
ProSoft Technology recommends users update the product’s firmware to Version 1.10.30