CVE-2021-1423

CWE-668 — Exposure to Wrong Sphere4 documents4 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 78.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Catalyst 9800 Firmware Cisco Wireless LAN Controller Software Cisco Cisco Aironet Access Point Software

Timeline

PublishedMar 24

Latest updateMay 24

Description

A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are host…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5cisco/cisco_aironet_access_point_softwaren/a

▶NVDcisco/catalyst_9800_firmware17.1 — 17.2+1

▶NVDcisco/wireless_lan_controller_software8.6 — 8.10.130.0+1

🔴Vulnerability Details

GHSA

GHSA-2ggr-q5x3-fm96: A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite f↗2022-05-24

▶

CVEList

Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability↗2021-03-24

▶

📋Vendor Advisories

Cisco

Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability↗2021-03-24

▶