ID

VAR-202103-0775


CVE

CVE-2021-1437


TITLE

Cisco Aironet Series Access Points Software permission vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-004967

DESCRIPTION

A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP).

Trust: 1.8

sources: NVD: CVE-2021-1437 // JVNDB: JVNDB-2021-004967 // VULHUB: VHN-374491 // VULMON: CVE-2021-1437

AFFECTED PRODUCTS

vendor: cisco, model: catalyst 9800, scope: gte, version: 17.1

Trust: 1.0

vendor: cisco, model: aironet access point software, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: wireless lan controller software, scope: lt, version: 8.10.142.0

Trust: 1.0

vendor: cisco, model: wireless lan controller software, scope: gte, version: 8.10.112.0

Trust: 1.0

vendor: cisco, model: catalyst 9800, scope: lt, version: 17.3.3

Trust: 1.0

vendor: Cisco Systems, model: cisco catalyst 9800 series, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco wireless lan controller software, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco aironet access point software, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004967 // NVD: CVE-2021-1437

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1437
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1437
value: HIGH

Trust: 1.0

NVD: CVE-2021-1437
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202103-1387
value: HIGH

Trust: 0.6

VULHUB: VHN-374491
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1437
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1437
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374491
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1437
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-1437
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374491 // VULMON: CVE-2021-1437 // JVNDB: JVNDB-2021-004967 // CNNVD: CNNVD-202103-1387 // NVD: CVE-2021-1437 // NVD: CVE-2021-1437

PROBLEMTYPE DATA

problemtype: CWE-275

Trust: 1.0

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: Permission issues (CWE-275) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004967 // NVD: CVE-2021-1437

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1387

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-1387

PATCH

title: cisco-sa-aironet-info-disc-BfWqghj, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-info-disc-BfWqghj

Trust: 0.8

title: Cisco Aironet Series Access Points Software Remediation measures for authorization problem vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=145693

Trust: 0.6

title: Cisco: Cisco Aironet Access Points FlexConnect Upgrade Information Disclosure Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-aironet-info-disc-BfWqghj

Trust: 0.1

sources: VULMON: CVE-2021-1437 // JVNDB: JVNDB-2021-004967 // CNNVD: CNNVD-202103-1387

EXTERNAL IDS

db: NVD, id: CVE-2021-1437

Trust: 2.6

db: JVNDB, id: JVNDB-2021-004967

Trust: 0.8

db: CNNVD, id: CNNVD-202103-1387

Trust: 0.6

db: VULHUB, id: VHN-374491

Trust: 0.1

db: VULMON, id: CVE-2021-1437

Trust: 0.1

sources: VULHUB: VHN-374491 // VULMON: CVE-2021-1437 // JVNDB: JVNDB-2021-004967 // CNNVD: CNNVD-202103-1387 // NVD: CVE-2021-1437

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-aironet-info-disc-bfwqghj

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1437

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-aironet-multiple-vulnerabilities-34939

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/275.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374491 // VULMON: CVE-2021-1437 // JVNDB: JVNDB-2021-004967 // CNNVD: CNNVD-202103-1387 // NVD: CVE-2021-1437

SOURCES

db: VULHUB, id: VHN-374491
db: VULMON, id: CVE-2021-1437
db: JVNDB, id: JVNDB-2021-004967
db: CNNVD, id: CNNVD-202103-1387
db: NVD, id: CVE-2021-1437

LAST UPDATE DATE

2024-08-14T15:33:14.645000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374491, date: 2022-10-21T00:00:00
db: VULMON, id: CVE-2021-1437, date: 2021-03-31T00:00:00
db: JVNDB, id: JVNDB-2021-004967, date: 2021-12-02T09:13:00
db: CNNVD, id: CNNVD-202103-1387, date: 2022-10-24T00:00:00
db: NVD, id: CVE-2021-1437, date: 2023-11-07T03:28:18.740

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374491, date: 2021-03-24T00:00:00
db: VULMON, id: CVE-2021-1437, date: 2021-03-24T00:00:00
db: JVNDB, id: JVNDB-2021-004967, date: 2021-12-02T00:00:00
db: CNNVD, id: CNNVD-202103-1387, date: 2021-03-24T00:00:00
db: NVD, id: CVE-2021-1437, date: 2021-03-24T20:15:14.900