HIGH✓ PATCH🇬🇧 English

CVE-2021-1437

CVSS 7.5v3.1pub. 2021-03-24upd. 2024-11-21

A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP).

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Cisco 1100 Integrated Services Router

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1540

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1560

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1800

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 2800

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 3800

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 4800

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet Access Point Software

    APP
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9100

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9800

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9800 Firmware

    OS
    Cisco
    17.1 – 17.3.3 (bez)
  • Cisco Catalyst Iw6300

    HW
    Cisco
    wszystkie wersje
  • Cisco Esw6300

    HW
    Cisco
    wszystkie wersje
  • Cisco Wireless Lan Controller Software

    APP
    Cisco
    8.10.112.0 – 8.10.142.0 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2017-12240CRITICAL9.8⚠ KEVten sam produkt

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability tha...

CVE-2022-20695CRITICAL10.0ten sam produkt

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allo...

CVE-2021-34770CRITICAL10.0ten sam produkt

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisc...

CVE-2021-34727CRITICAL9.8ten sam produkt

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote ...

CVE-2019-15260CRITICAL9.8ten sam produkt

A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker ...