Files or Directories Accessible to External Parties in Cisco Systems, Inc products - CVE-2021-1423
Published: March 25, 2021
Vulnerability identifier: #VU51730
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1423
CWE-ID: CWE-552
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco Aironet 1800 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco 4800 Aironet Access Points
Cisco Catalyst 9100
Cisco Catalyst IW 6300
Integrated AP on 1100 Integrated Services Routers
Cisco ESW6300 Series Access Points
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco Aironet 1800 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco 4800 Aironet Access Points
Cisco Catalyst 9100
Cisco Catalyst IW 6300
Integrated AP on 1100 Integrated Services Routers
Cisco ESW6300 Series Access Points
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a local user to overwrite arbitrary files in the underlying host file system.
The vulnerability exists due to insufficient validation of the parameters of a specific CLI command. A local administrator can issue that command with specific parameters and overwrite the content of any arbitrary file that resides on the underlying host file system.
Remediation
Install updates from vendor's website.