CVE-2021-1423

A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device.

CVSS v3 4.4 MEDIUM
CVSS v2.0 2.1 LOW

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:cisco:aironet_access_point_software:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:aironet_1540:-:::::::*
	cpe:2.3:h:cisco:aironet_1560:-:::::::*
	cpe:2.3:h:cisco:aironet_1800:-:::::::*
	cpe:2.3:h:cisco:aironet_2800:-:::::::*
	cpe:2.3:h:cisco:aironet_3800:-:::::::*
	cpe:2.3:h:cisco:aironet_4800:-:::::::*
	cpe:2.3:h:cisco:catalyst_9100:-:::::::*
	cpe:2.3:h:cisco:catalyst_iw6300:-:::::::*
	cpe:2.3:h:cisco:esw6300:-:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:cisco:catalyst_9800_firmware::::::::
	cpe:2.3:o:cisco:catalyst_9800_firmware::::::::

cpe:2.3:h:cisco:catalyst_9800:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:cisco:wireless_lan_controller_software::::::::
	cpe:2.3:a:cisco:wireless_lan_controller_software::::::::

History

22 May 2023, 18:57

Type	Values Removed	Values Added
First Time		Cisco 1100 Integrated Services Router
CPE	cpe:2.3:h:cisco:isr_1100:-:::::::*	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*

31 Mar 2021, 12:59

Type	Values Removed	Values Added
CPE		cpe:2.3:h:cisco:aironet_1540:-:::::::* cpe:2.3:a:cisco:wireless_lan_controller_software:::::::: cpe:2.3:h:cisco:catalyst_9100:-:::::::* cpe:2.3:h:cisco:aironet_2800:-:::::::* cpe:2.3:a:cisco:aironet_access_point_software:-:::::::* cpe:2.3:h:cisco:aironet_1560:-:::::::* cpe:2.3:o:cisco:catalyst_9800_firmware:::::::: cpe:2.3:h:cisco:aironet_1800:-:::::::* cpe:2.3:h:cisco:isr_1100:-:::::::* cpe:2.3:h:cisco:catalyst_9800:-:::::::* cpe:2.3:h:cisco:aironet_4800:-:::::::* cpe:2.3:h:cisco:catalyst_iw6300:-:::::::* cpe:2.3:h:cisco:esw6300:-:::::::* cpe:2.3:h:cisco:aironet_3800:-:::::::*
References	~~(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb -~~	(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 4.4

24 Mar 2021, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-03-24 21:15

Updated : 2023-12-10 13:41

NVD link : CVE-2021-1423

Mitre link : CVE-2021-1423

CVE.ORG link : CVE-2021-1423

JSON object : View

Products Affected

cisco

catalyst_9100
aironet_1560
1100_integrated_services_router
aironet_2800
aironet_access_point_software
catalyst_9800
aironet_3800
aironet_4800
wireless_lan_controller_software
catalyst_iw6300
esw6300
aironet_1540
aironet_1800
catalyst_9800_firmware

CWE

CWE-668

Exposure of Resource to Wrong Sphere

4.4 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2021-1423

4.4^/10

2.1^/10

Attach tags to `CVE-2021-1423`