4.4

CVE-2021-1423

A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device.

Data is provided by the National Vulnerability Database (NVD)
CiscoAironet Access Point Software Version-
   Cisco1100 Integrated Services Router Version-
   CiscoAironet 1540 Version-
   CiscoAironet 1560 Version-
   CiscoAironet 1800 Version-
   CiscoAironet 2800 Version-
   CiscoAironet 3800 Version-
   CiscoAironet 4800 Version-
   CiscoCatalyst 9100 Version-
   CiscoCatalyst Iw6300 Version-
   CiscoEsw6300 Version-
CiscoCatalyst 9800 Firmware Version < 16.12.5
   CiscoCatalyst 9800 Version-
CiscoCatalyst 9800 Firmware Version >= 17.1 <= 17.2
   CiscoCatalyst 9800 Version-
CiscoWireless Lan Controller Software Version < 8.5.171.0
CiscoWireless Lan Controller Software Version >= 8.6 < 8.10.130.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.07% 0.182
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:P/A:N
psirt@cisco.com 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.