CVE-2021-1419 — Vulnetix

CVE-2021-1419 PUBLISHED CVSS 7.800000190734863 HIGH

A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user.

EPSS 0.04% · 11.1th percentile

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.04%

11.1th percentile

Affected Products

Vendor	Product	Versions
cisco	catalyst_iw6300_ac_firmware
cisco	catalyst_9800_firmware	17.4, 17.3, 17.4
cisco	catalyst_9115axi_firmware
cisco	catalyst_9124axi_firmware
cisco	wireless_lan_controller_software	8.10
cisco	aironet_3800i_firmware
cisco	aironet_1850i_firmware
cisco	catalyst_9105axw_firmware
cisco	catalyst_9130axe_firmware
cisco	aironet_1830i_firmware
cisco	catalyst_iw6300_dcw_firmware
cisco	aironet_3800e_firmware
Cisco	Cisco Wireless LAN Controller (WLC)	n/a
cisco	aironet_1840i_firmware
cisco	aironet_1542d_firmware
cisco	catalyst_9120axi_firmware
cisco	catalyst_9120axp_firmware
cisco	1160_firmware
cisco	aironet_1562i_firmware
cisco	catalyst_9105axi_firmware

…and 22 more

Exploit Intelligence

20210922 Cisco Access Points SSH Management Privilege Escalation Vulnerability (circl)

Timeline

Apr 13, 2021 CVE Published
Sep 23, 2021 EPSS Score
Oct 5, 2021 EPSS Score
Oct 11, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 15, 2022 EPSS Score
Mar 14, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 10, 2022 EPSS Score
Jul 6, 2022 EPSS Score
Oct 29, 2022 EPSS Score
Dec 26, 2022 EPSS Score

References

Open in Interactive Console →