{"containers": {"cna": {"affected": [{"product": "Cisco Aironet Access Point Software", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-03-24T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-668", "description": "CWE-668", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-24T20:20:38", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20210324 Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb"}], "source": {"advisory": "cisco-sa-ap-foverwrt-HyVXvrtb", "defect": [["CSCvu98274"]], "discovery": "INTERNAL"}, "title": "Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-03-24T16:00:00", "ID": "CVE-2021-1423", "STATE": "PUBLIC", "TITLE": "Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Aironet Access Point Software", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "4.4", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-668"}]}]}, "references": {"reference_data": [{"name": "20210324 Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb"}]}, "source": {"advisory": "cisco-sa-ap-foverwrt-HyVXvrtb", "defect": [["CSCvu98274"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:11:16.924Z"}, "title": "CVE Program Container", "references": [{"name": "20210324 Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-08T20:47:09.653137Z", "id": "CVE-2021-1423", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T23:30:28.527Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1423", "datePublished": "2021-03-24T20:20:38.878927Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:30:28.527Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb", "name": "20210324 Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:11:16.924Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-1423", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-08T20:47:09.653137Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T20:59:48.172Z"}}], "cna": {"title": "Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability", "source": {"defect": [["CSCvu98274"]], "advisory": "cisco-sa-ap-foverwrt-HyVXvrtb", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Aironet Access Point Software", "versions": [{"status": "affected", "version": "n/a"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2021-03-24T00:00:00", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb", "name": "20210324 Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-668", "description": "CWE-668"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2021-03-24T20:20:38"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "4.4", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"}}, "source": {"defect": [["CSCvu98274"]], "advisory": "cisco-sa-ap-foverwrt-HyVXvrtb", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "Cisco Aironet Access Point Software"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb", "name": "20210324 Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability", "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-668"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-1423", "STATE": "PUBLIC", "TITLE": "Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-03-24T16:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2021-1423", "state": "PUBLISHED", "dateUpdated": "2024-11-08T23:30:28.527Z", "dateReserved": "2020-11-13T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2021-03-24T20:20:38.878927Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:aironet_access_point_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "D48036EE-DE42-412A-B3C9-CBCE7414DB33", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "1952B64C-4AE0-4CCB-86C5-8D1FF6A12822", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1540:-:*:*:*:*:*:*:*", "matchCriteriaId": "72BFEED4-7AD7-406F-A044-BDEA98133711", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1560:-:*:*:*:*:*:*:*", "matchCriteriaId": "8191FD87-4E55-4F38-8DB0-7E6772AD075B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*", "matchCriteriaId": "02F4C00A-D1E2-4B21-A14E-F30B4B818493", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_2800:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C28A6B0-10FF-4C6D-8527-2313E163C98E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_3800:-:*:*:*:*:*:*:*", "matchCriteriaId": "7636F7E2-E386-4F8C-A0C5-F510D8E21DA4", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4D8A4CB-5B80-4332-BCBC-DA18AD94D215", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "749040C6-A21A-4EF3-8213-42EE01CFA303", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_iw6300:-:*:*:*:*:*:*:*", "matchCriteriaId": "C559D6F7-B432-4A2A-BE0E-9697CC412C70", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:esw6300:-:*:*:*:*:*:*:*", "matchCriteriaId": "09051BC5-CFE7-43EF-975D-BF77724E8776", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:catalyst_9800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCD9BB32-1D37-4F86-9E93-B77DAB09B874", "versionEndExcluding": "16.12.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:catalyst_9800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "54FC2B7F-8BB5-4326-964C-0C7CC6D31412", "versionEndIncluding": "17.2", "versionStartIncluding": "17.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_9800:-:*:*:*:*:*:*:*", "matchCriteriaId": "A48E6CF0-7A3B-4D11-8D02-0CD38F2420E9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "4303CDF3-6399-41CA-BD2A-3C894DD02064", "versionEndExcluding": "8.5.171.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D84C320-E3E3-4B29-A27F-A95C6C50FFFE", "versionEndExcluding": "8.10.130.0", "versionStartIncluding": "8.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de un comando de CLI en Cisco Aironet Access Points (AP), podr\u00eda permitir a un atacante local autenticado sobrescribir archivos en la memoria flash del dispositivo. Esta vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de la entrada para un comando espec\u00edfico. Un atacante podr\u00eda explotar esta vulnerabilidad al emitir un comando con argumentos dise\u00f1ados. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante sobrescribir o crear archivos con datos que ya est\u00e1n presentes en otros archivos alojados en el dispositivo afectado"}], "id": "CVE-2021-1423", "lastModified": "2024-11-21T05:44:19.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-24T21:15:13.443", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}