CVE-2021-1419

A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user.

Published: Sep 23, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-1419
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / wireless_lan_controller_software	8.10	8.10.151.0
cisco / catalyst_9800_firmware	16.12	16.12.6
cisco / catalyst_9800_firmware	17.3	17.3.3
cisco / catalyst_9800_firmware	17.4	17.4.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-ap-LLjsGxv

Vulnerability Database

289,599

CVE-2021-1419