7.5

CVE-2021-1437

A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP).

Data is provided by the National Vulnerability Database (NVD)
CiscoAironet Access Point Software Version-
   Cisco1100 Integrated Services Router Version-
   CiscoAironet 1540 Version-
   CiscoAironet 1560 Version-
   CiscoAironet 1800 Version-
   CiscoAironet 2800 Version-
   CiscoAironet 3800 Version-
   CiscoAironet 4800 Version-
   CiscoCatalyst 9100 Version-
   CiscoCatalyst Iw6300 Version-
   CiscoEsw6300 Version-
CiscoCatalyst 9800 Firmware Version >= 17.1 < 17.3.3
   CiscoCatalyst 9800 Version-
CiscoWireless Lan Controller Software Version >= 8.10.112.0 < 8.10.142.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.72% 0.701
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
psirt@cisco.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N