Cisco Catalyst 9800 Firmware vulnerabilities

CVE-2021-1565 [HIGH] CWE-415 CVE-2021-1565: Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient vali

CVE-2021-1419 [HIGH] CWE-284 CVE-2021-1419: A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploi

CVE-2021-1439 [HIGH] CWE-120 CVE-2021-1439: A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points So A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS traffic. An attacker could exploit this vulnerability

CVE-2021-1437 [HIGH] CWE-275 CVE-2021-1437: A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software co A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sen

CVE-2021-1423 [MEDIUM] CWE-668 CVE-2021-1423: A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could all A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted a

CVE-2021-1449 [MEDIUM] CWE-284 CVE-2021-1449: A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, loca A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploit this vulnerability by modifying a specific file that i