Information disclosure in Cisco Systems, Inc products - CVE-2021-1437
Published: March 25, 2021
Vulnerability identifier: #VU51720
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-1437
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco Aironet 1800 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco 4800 Aironet Access Points
Cisco Catalyst 9100
Cisco Catalyst IW 6300
Integrated AP on 1100 Integrated Services Routers
Cisco ESW6300 Series Access Points
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco Aironet 1800 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco 4800 Aironet Access Points
Cisco Catalyst 9100
Cisco Catalyst IW 6300
Integrated AP on 1100 Integrated Services Routers
Cisco ESW6300 Series Access Points
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration in the FlexConnect Upgrade feature. A remote attacker can send a specific TFTP request and gain unauthorized access to sensitive information on the system.
Remediation
Install updates from vendor's website.