SB2021032515 - Improper access control in Cisco Access Point Software
Published: March 25, 2021
Security Bulletin ID
SB2021032515
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper access control (CVE-ID: CVE-2021-1449)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to an improper check that is performed by the area of code that manages system startup processes. A local administrator can modify a specific file that is stored on the system, execute unsigned code at boot time and bypass the software image verification check part of the secure boot process.
Remediation
Install update from vendor's website.