CVE-2021-1419 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Aironet 1542D Firmware	-
Cisco	Aironet 1542D	-
Cisco	Aironet 1562D Firmware	-
Cisco	Aironet 1562D	-
Cisco	Aironet 1815M Firmware	-
Cisco	Aironet 1815M	-
Cisco	Aironet 1830E Firmware	-
Cisco	Aironet 1830E	-
Cisco	Aironet 1840I Firmware	-
Cisco	Aironet 1840I	-
Cisco	Aironet 1850E Firmware	-
Cisco	Aironet 1850E	-
Cisco	Aironet 2800I Firmware	-
Cisco	Aironet 2800I	-
Cisco	Aironet 3800P Firmware	-
Cisco	Aironet 3800P	-
Cisco	Aironet 4800 Firmware	-
Cisco	Aironet 4800	-
Cisco	Catalyst 9105Axi Firmware	-
Cisco	Catalyst 9105Axi	-

Related Weaknesses (CWE)

CWE-284

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cPatchVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cPatchVendor Advisory

FAQ

What is CVE-2021-1419?

CVE-2021-1419 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated...

How severe is CVE-2021-1419?

CVE-2021-1419 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-1419?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Aironet 1542D Firmware, Cisco Aironet 1542D, Cisco Aironet 1562D Firmware, Cisco Aironet 1562D, Cisco Aironet 1815M Firmware.