CVE-2021-1437

CWE-2754 documents4 sources
Severity
7.5HIGH
EPSS
0.5%
top 34.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Catalyst 9800 FirmwareCisco Wireless LAN Controller SoftwareCisco Cisco Aironet Access Point Software
Timeline
PublishedMar 24
Latest updateMay 24

Description

A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDcisco/wireless_lan_controller_software8.10.112.08.10.142.0
NVDcisco/catalyst_9800_firmware17.117.3.3

🔴Vulnerability Details

2
GHSA
GHSA-777j-pmq7-4px5: A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to o2022-05-24
CVEList
Cisco Aironet Access Points FlexConnect Upgrade Information Disclosure Vulnerability2021-03-24

📋Vendor Advisories

1
Cisco
Cisco Aironet Access Points FlexConnect Upgrade Information Disclosure Vulnerability2021-03-24
CVE-2021-1437 (HIGH CVSS 7.5) | A vulnerability in the FlexConnect | cvebase.io