CVE-2021-1423
Last modified
CVE-2021-1423 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Aironet Access Point Software | All versions |
| Cisco | Catalyst 9800 Firmware | < 16.12.5 |
| Cisco | Catalyst 9800 Firmware | >= 17.1, <= 17.2 |
| Cisco | Wireless Lan Controller Software | < 8.5.171.0 |
| Cisco | Wireless Lan Controller Software | >= 8.6, < 8.10.130.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-1423?
How severe is CVE-2021-1423?
How do I fix CVE-2021-1423?
Are you affected by CVE-2021-1423?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST