ID

VAR-202103-0530


CVE

CVE-2021-1423


TITLE

Cisco Aironet Access Points  Vulnerability in Resource Leakage to Wrong Domain

Trust: 0.8

sources: JVNDB: JVNDB-2021-004973

DESCRIPTION

A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device. Cisco Aironet Access Points (AP) Is vulnerable to a resource leak to the wrong area.Information may be tampered with

Trust: 2.34

sources: NVD: CVE-2021-1423 // JVNDB: JVNDB-2021-004973 // CNVD: CNVD-2021-22451 // VULHUB: VHN-374477 // VULMON: CVE-2021-1423

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-22451

AFFECTED PRODUCTS

vendor:ciscomodel:catalyst 9800scope:gteversion:17.1

Trust: 1.0

vendor:ciscomodel:wireless lan controller softwarescope:gteversion:8.6

Trust: 1.0

vendor:ciscomodel:aironet access point softwarescope:eqversion: -

Trust: 1.0

vendor:ciscomodel:catalyst 9800scope:lteversion:17.2

Trust: 1.0

vendor:ciscomodel:catalyst 9800scope:ltversion:16.12.5

Trust: 1.0

vendor:ciscomodel:wireless lan controller softwarescope:ltversion:8.5.171.0

Trust: 1.0

vendor:ciscomodel:wireless lan controller softwarescope:ltversion:8.10.130.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco catalyst 9800 シリーズscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco wireless lan controller ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco aironet アクセス ポイント ソフトウェアscope: - version: -

Trust: 0.8

vendor:ciscomodel:aironet access pointsscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-22451 // JVNDB: JVNDB-2021-004973 // NVD: CVE-2021-1423

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1423
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1423
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1423
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-22451
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202103-1388
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374477
value: LOW

Trust: 0.1

VULMON: CVE-2021-1423
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1423
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-22451
severity: MEDIUM
baseScore: 4.3
vectorString: AV:L/AC:L/AU:M/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-374477
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1423
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-1423
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-22451 // VULHUB: VHN-374477 // VULMON: CVE-2021-1423 // JVNDB: JVNDB-2021-004973 // CNNVD: CNNVD-202103-1388 // NVD: CVE-2021-1423 // NVD: CVE-2021-1423

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.1

problemtype:Leakage of resources to the wrong area (CWE-668) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374477 // JVNDB: JVNDB-2021-004973 // NVD: CVE-2021-1423

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1388

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-1388

PATCH

title:cisco-sa-ap-foverwrt-HyVXvrtburl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb

Trust: 0.8

title:Patch for Cisco Aironet Access Points file overwrite vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/254886

Trust: 0.6

title:Cisco: Cisco Aironet Access Points Arbitrary File Overwrite Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ap-foverwrt-HyVXvrtb

Trust: 0.1

sources: CNVD: CNVD-2021-22451 // VULMON: CVE-2021-1423 // JVNDB: JVNDB-2021-004973

EXTERNAL IDS

db:NVDid:CVE-2021-1423

Trust: 3.2

db:JVNDBid:JVNDB-2021-004973

Trust: 0.8

db:CNVDid:CNVD-2021-22451

Trust: 0.6

db:CNNVDid:CNNVD-202103-1388

Trust: 0.6

db:VULHUBid:VHN-374477

Trust: 0.1

db:VULMONid:CVE-2021-1423

Trust: 0.1

sources: CNVD: CNVD-2021-22451 // VULHUB: VHN-374477 // VULMON: CVE-2021-1423 // JVNDB: JVNDB-2021-004973 // CNNVD: CNNVD-202103-1388 // NVD: CVE-2021-1423

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-1423

Trust: 2.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ap-foverwrt-hyvxvrtb

Trust: 1.9

url:https://vigilance.fr/vulnerability/cisco-aironet-multiple-vulnerabilities-34939

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/668.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-22451 // VULHUB: VHN-374477 // VULMON: CVE-2021-1423 // JVNDB: JVNDB-2021-004973 // CNNVD: CNNVD-202103-1388 // NVD: CVE-2021-1423

SOURCES

db:CNVDid:CNVD-2021-22451
db:VULHUBid:VHN-374477
db:VULMONid:CVE-2021-1423
db:JVNDBid:JVNDB-2021-004973
db:CNNVDid:CNNVD-202103-1388
db:NVDid:CVE-2021-1423

LAST UPDATE DATE

2024-08-14T15:11:58.748000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-22451date:2021-03-26T00:00:00
db:VULHUBid:VHN-374477date:2022-10-21T00:00:00
db:VULMONid:CVE-2021-1423date:2021-03-31T00:00:00
db:JVNDBid:JVNDB-2021-004973date:2021-12-02T09:13:00
db:CNNVDid:CNNVD-202103-1388date:2021-04-01T00:00:00
db:NVDid:CVE-2021-1423date:2023-11-07T03:28:16.720

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-22451date:2021-03-26T00:00:00
db:VULHUBid:VHN-374477date:2021-03-24T00:00:00
db:VULMONid:CVE-2021-1423date:2021-03-24T00:00:00
db:JVNDBid:JVNDB-2021-004973date:2021-12-02T00:00:00
db:CNNVDid:CNNVD-202103-1388date:2021-03-24T00:00:00
db:NVDid:CVE-2021-1423date:2021-03-24T21:15:13.443