CVE-2021-1423 — MEDIUM (4.4)

Q: How severe is CVE-2021-1423?

CVE-2021-1423 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-1423?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Aironet Access Point Software, Cisco 1100 Integrated Services Router, Cisco Aironet 1540, Cisco Aironet 1560, Cisco Aironet 1800.

Vulnerability Description

A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device.

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Aironet Access Point Software	-
Cisco	1100 Integrated Services Router	-
Cisco	Aironet 1540	-
Cisco	Aironet 1560	-
Cisco	Aironet 1800	-
Cisco	Aironet 2800	-
Cisco	Aironet 3800	-
Cisco	Aironet 4800	-
Cisco	Catalyst 9100	-
Cisco	Catalyst Iw6300	-
Cisco	Esw6300	-
Cisco	Catalyst 9800 Firmware	< 16.12.5
Cisco	Catalyst 9800	-
Cisco	Wireless Lan Controller Software	< 8.5.171.0

Related Weaknesses (CWE)

CWE-668

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aVendor Advisory

FAQ

What is CVE-2021-1423?

CVE-2021-1423 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulne...

How severe is CVE-2021-1423?

CVE-2021-1423 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-1423?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Aironet Access Point Software, Cisco 1100 Integrated Services Router, Cisco Aironet 1540, Cisco Aironet 1560, Cisco Aironet 1800.