ID

VAR-202103-0769


CVE

CVE-2021-1449


TITLE

Cisco Access Points  Software access control vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-004969

DESCRIPTION

A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploit this vulnerability by modifying a specific file that is stored on the system, which would allow the attacker to bypass existing protections. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. Note: To exploit this vulnerability, the attacker would need to have access to the development shell (devshell) on the device. Cisco Cisco Access Point is a hardware device of Cisco (Cisco). Provides high-density wireless connectivity for small offices

Trust: 1.8

sources: NVD: CVE-2021-1449 // JVNDB: JVNDB-2021-004969 // VULHUB: VHN-374503 // VULMON: CVE-2021-1449

AFFECTED PRODUCTS

vendor:ciscomodel:catalyst 9800scope:gteversion:17.1

Trust: 1.0

vendor:ciscomodel:catalyst 9800scope:gteversion:17.4

Trust: 1.0

vendor:ciscomodel:wireless lan controller softwarescope:gteversion:8.6

Trust: 1.0

vendor:ciscomodel:wireless lan controller softwarescope:ltversion:8.10.150.0

Trust: 1.0

vendor:ciscomodel:catalyst 9800scope:ltversion:16.12.5

Trust: 1.0

vendor:ciscomodel:aironet access point softwarescope:eqversion: -

Trust: 1.0

vendor:ciscomodel:catalyst 9800scope:ltversion:17.5.1

Trust: 1.0

vendor:ciscomodel:wireless lan controller softwarescope:ltversion:8.5.171.0

Trust: 1.0

vendor:ciscomodel:catalyst 9800scope:ltversion:17.3.3

Trust: 1.0

vendor:シスコシステムズmodel:cisco catalyst 9800 シリーズscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco wireless lan controller ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco aironet アクセス ポイント ソフトウェアscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004969 // NVD: CVE-2021-1449

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1449
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1449
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1449
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202103-1385
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374503
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1449
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1449
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374503
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1449
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-1449
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374503 // VULMON: CVE-2021-1449 // JVNDB: JVNDB-2021-004969 // CNNVD: CNNVD-202103-1385 // NVD: CVE-2021-1449 // NVD: CVE-2021-1449

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:Inappropriate access control (CWE-284) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004969 // NVD: CVE-2021-1449

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1385

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-1385

PATCH

title:cisco-sa-ap-privesc-wEVfp8Udurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-privesc-wEVfp8Ud

Trust: 0.8

title:Cisco Cisco Access Point Fixes for access control error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=145691

Trust: 0.6

title:Cisco: Cisco Access Point Software Arbitrary Code Execution Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ap-privesc-wEVfp8Ud

Trust: 0.1

sources: VULMON: CVE-2021-1449 // JVNDB: JVNDB-2021-004969 // CNNVD: CNNVD-202103-1385

EXTERNAL IDS

db:NVDid:CVE-2021-1449

Trust: 2.6

db:JVNDBid:JVNDB-2021-004969

Trust: 0.8

db:CNNVDid:CNNVD-202103-1385

Trust: 0.6

db:VULHUBid:VHN-374503

Trust: 0.1

db:VULMONid:CVE-2021-1449

Trust: 0.1

sources: VULHUB: VHN-374503 // VULMON: CVE-2021-1449 // JVNDB: JVNDB-2021-004969 // CNNVD: CNNVD-202103-1385 // NVD: CVE-2021-1449

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ap-privesc-wevfp8ud

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1449

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-aironet-multiple-vulnerabilities-34939

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/284.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374503 // VULMON: CVE-2021-1449 // JVNDB: JVNDB-2021-004969 // CNNVD: CNNVD-202103-1385 // NVD: CVE-2021-1449

SOURCES

db:VULHUBid:VHN-374503
db:VULMONid:CVE-2021-1449
db:JVNDBid:JVNDB-2021-004969
db:CNNVDid:CNNVD-202103-1385
db:NVDid:CVE-2021-1449

LAST UPDATE DATE

2024-08-14T14:55:59.751000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374503date:2022-10-21T00:00:00
db:VULMONid:CVE-2021-1449date:2021-03-31T00:00:00
db:JVNDBid:JVNDB-2021-004969date:2021-12-02T09:13:00
db:CNNVDid:CNNVD-202103-1385date:2022-10-24T00:00:00
db:NVDid:CVE-2021-1449date:2023-11-07T03:28:20.193

SOURCES RELEASE DATE

db:VULHUBid:VHN-374503date:2021-03-24T00:00:00
db:VULMONid:CVE-2021-1449date:2021-03-24T00:00:00
db:JVNDBid:JVNDB-2021-004969date:2021-12-02T00:00:00
db:CNNVDid:CNNVD-202103-1385date:2021-03-24T00:00:00
db:NVDid:CVE-2021-1449date:2021-03-24T20:15:15.400