CVE-2021-1423 vulnerability in Cisco Products
Published on March 24, 2021
Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability
A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device.
Vulnerability Analysis
CVE-2021-1423 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Products Associated with CVE-2021-1423
stack.watch emails you whenever new vulnerabilities are published in Cisco Wireless Lan Controller Software or Cisco Aironet Access Point Software. Just hit a watch button to start following.
Affected Versions
Cisco Aironet Access Point Software Version n/a is affected by CVE-2021-1423Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.