SB2021032515 - Improper access control in Cisco Access Point Software
Published: March 25, 2021
Description
This security bulletin contains information about 1 vulnerability.
1) Improper access control (CVE-ID: CVE-2021-1449)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to an improper check performed by the code that manages system startup processes. A local administrator can modify a specific file stored on the system to execute unsigned code at boot time, bypassing the software image verification check that is part of the secure boot process.
Remediation
Install the update from the vendor's website.