CVE-2021-1423

Published: Mar 24, 2021Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device.

Affected (5)

Products: Cisco: Aironet Access Point Software, Catalyst 9800 Firmware, Wireless Lan Controller Software

Cisco

3 products

Aironet Access Point Software

Catalyst 9800 Firmware

Wireless Lan Controller Software

Configuration A

1 vulnerable · 10 platform

Vulnerable Software	Affected Versions
Cisco Aironet Access Point Software	All versions

Running on/with	Platform Versions
Cisco 1100 Integrated Services Router	All versions
Cisco Aironet 1540	All versions
Cisco Aironet 1560	All versions
Cisco Aironet 1800	All versions
Cisco Aironet 2800	All versions
Cisco Aironet 3800	All versions
Cisco Aironet 4800	All versions
Cisco Catalyst 9100	All versions
Cisco Catalyst Iw6300	All versions
Cisco Esw6300	All versions