← Back

CVE-2021-1437

nvd nist
Published: Mar 24, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP).

Affected (3)

Cisco
3 products
Aironet Access Point Software
Catalyst 9800 Firmware
Wireless Lan Controller Software
Configuration A
1 vulnerable · 10 platform
Vulnerable SoftwareAffected Versions
Aironet Access Point Software
All versions
Running on/withPlatform Versions
Cisco
1100 Integrated Services Router
All versions
Cisco
Aironet 1540
All versions
Cisco
Aironet 1560
All versions
Cisco
Aironet 1800
All versions
Cisco
Aironet 2800
All versions
Cisco
Aironet 3800
All versions
Cisco
Aironet 4800
All versions
Cisco
Catalyst 9100
All versions
Cisco
Catalyst Iw6300
All versions
Cisco
Esw6300
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Catalyst 9800 Firmware
From 17.1 to 17.3.3
Running on/withPlatform Versions
Cisco
Catalyst 9800
All versions
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Wireless Lan Controller Software
From 8.10.112.0 to 8.10.142.0

Related CWEs

CWE-275
CWE-275

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.