All the vulnerabilites related to Cisco - Cisco Business Wireless Access Point Software
cve-2021-1548
Vulnerability from cvelistv5
Published
2021-05-22 06:45
Modified
2024-11-08 21:18
Severity ?
EPSS score ?
Summary
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:17.676Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1548", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:42:12.284761Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T21:18:50.370Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T06:45:18", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" }, "title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-19T16:00:00", "ID": "CVE-2021-1548", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Business Wireless Access Point Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.7", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ] }, "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1548", "datePublished": "2021-05-22T06:45:18.614578Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T21:18:50.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20271
Vulnerability from cvelistv5
Published
2024-03-27 17:05
Modified
2024-08-01 21:52
Severity ?
EPSS score ?
Summary
A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cisco:aironet_access_point_software:8.10.111.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.112.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.113.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.121.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.122.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.130.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.141.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.142.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.150.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.151.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.161.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.162.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.170.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.171.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.181.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.182.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.183.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.10.185.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.2\\(100.0\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.2.110.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.2.111.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.2.121.0:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:aironet_access_point_software:8.2\\(130.0\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.2.141.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.2.151.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.2.160.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.2.161.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.2.163.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.2.164.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.2.166.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.2.170.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.102.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.104.14:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.104.37:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.104.46:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.104.64:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.108.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.111.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.112.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.121.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.122.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.130.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.131.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.132.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.133.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.135.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.140.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.141.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.143.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.150.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.117:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.118:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.120:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.142:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.158:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.165:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.169:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.25:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.200.200:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.11:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.25:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.36:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.53:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.58:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.4.100.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.142:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.175:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.199:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.218:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.91:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.92:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.100.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.101.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.102.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.103.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.105.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.110.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.120.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.131.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.135.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.140.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.151.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.160.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.161.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.164.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.171.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.5.182.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.6.101.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.6.1.70:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.6.1.71:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.6.1.84:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.7.102.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.7.106.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.7.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.8.100.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.8.111.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.8.120.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.8.125.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.8.130.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.9.100.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:aironet_access_point_software:8.9.111.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aironet_access_point_software", "vendor": "cisco", "versions": [ { "status": "affected", "version": "8.10.111.0" }, { "status": "affected", "version": "8.10.112.0" }, { "status": "affected", "version": "8.10.113.0" }, { "status": "affected", "version": "8.10.121.0" }, { "status": "affected", "version": "8.10.122.0" }, { "status": "affected", "version": "8.10.130.0" }, { "status": "affected", "version": "8.10.141.0" }, { "status": "affected", "version": "8.10.142.0" }, { "status": "affected", "version": "8.10.150.0" }, { "status": "affected", "version": "8.10.151.0" }, { "status": "affected", "version": "8.10.161.0" }, { "status": "affected", "version": "8.10.162.0" }, { "status": "affected", "version": "8.10.170.0" }, { "status": "affected", "version": "8.10.171.0" }, { "status": "affected", "version": "8.10.181.0" }, { "status": "affected", "version": "8.10.182.0" }, { "status": "affected", "version": "8.10.183.0" }, { "status": "affected", "version": "8.10.185.0" }, { "status": "affected", "version": "8.2\\(100.0\\)" }, { "status": "affected", "version": "8.2.110.0" }, { "status": "affected", "version": "8.2.111.0" }, { "status": "affected", "version": "8.2.121.0" }, { "status": "affected", "version": "8.2\\(130.0\\)" }, { "status": "affected", "version": "8.2.141.0" }, { "status": "affected", "version": "8.2.151.0" }, { "status": "affected", "version": "8.2.160.0" }, { "status": "affected", "version": "8.2.161.0" }, { "status": "affected", "version": "8.2.163.0" }, { "status": "affected", "version": "8.2.164.0" }, { "status": "affected", "version": "8.2.166.0" }, { "status": "affected", "version": "8.2.170.0" }, { "status": "affected", "version": "8.3.102.0" }, { "status": "affected", "version": "8.3.104.14" }, { "status": "affected", "version": "8.3.104.37" }, { "status": "affected", "version": "8.3.104.46" }, { "status": "affected", "version": "8.3.104.64" }, { "status": "affected", "version": "8.3.108.0" }, { "status": "affected", "version": "8.3.111.0" }, { "status": "affected", "version": "8.3.112.0" }, { "status": "affected", "version": "8.3.121.0" }, { "status": "affected", "version": "8.3.122.0" }, { "status": "affected", "version": "8.3.130.0" }, { "status": "affected", "version": "8.3.131.0" }, { "status": "affected", "version": "8.3.132.0" }, { "status": "affected", "version": "8.3.133.0" }, { "status": "affected", "version": "8.3.135.0" }, { "status": "affected", "version": "8.3.140.0" }, { "status": "affected", "version": "8.3.141.0" }, { "status": "affected", "version": "8.3.143.0" }, { "status": "affected", "version": "8.3.150.0" }, { "status": "affected", "version": "8.3.15.117" }, { "status": "affected", "version": "8.3.15.118" }, { "status": "affected", "version": "8.3.15.120" }, { "status": "affected", "version": "8.3.15.142" }, { "status": "affected", "version": "8.3.15.158" }, { "status": "affected", "version": "8.3.15.165" }, { "status": "affected", "version": "8.3.15.169" }, { "status": "affected", "version": "8.3.15.25" }, { "status": "affected", "version": "8.3.200.200" }, { "status": "affected", "version": "8.3.90.11" }, { "status": "affected", "version": "8.3.90.25" }, { "status": "affected", "version": "8.3.90.36" }, { "status": "affected", "version": "8.3.90.53" }, { "status": "affected", "version": "8.3.90.58" }, { "status": "affected", "version": "8.4.100.0" }, { "status": "affected", "version": "8.4.1.142" }, { "status": "affected", "version": "8.4.1.175" }, { "status": "affected", "version": "8.4.1.199" }, { "status": "affected", "version": "8.4.1.218" }, { "status": "affected", "version": "8.4.1.91" }, { "status": "affected", "version": "8.4.1.92" }, { "status": "affected", "version": "8.5.100.0" }, { "status": "affected", "version": "8.5.101.0" }, { "status": "affected", "version": "8.5.102.0" }, { "status": "affected", "version": "8.5.103.0" }, { "status": "affected", "version": "8.5.105.0" }, { "status": "affected", "version": "8.5.110.0" }, { "status": "affected", "version": "8.5.120.0" }, { "status": "affected", "version": "8.5.131.0" }, { "status": "affected", "version": "8.5.135.0" }, { "status": "affected", "version": "8.5.140.0" }, { "status": "affected", "version": "8.5.151.0" }, { "status": "affected", "version": "8.5.160.0" }, { "status": "affected", "version": "8.5.161.0" }, { "status": "affected", "version": "8.5.164.0" }, { "status": "affected", "version": "8.5.171.0" }, { "status": "affected", "version": "8.5.182.0" }, { "status": "affected", "version": "8.6.101.0" }, { "status": "affected", "version": "8.6.1.70" }, { "status": "affected", "version": "8.6.1.71" }, { "status": "affected", "version": "8.6.1.84" }, { "status": "affected", "version": "8.7.102.0" }, { "status": "affected", "version": "8.7.106.0" }, { "status": "affected", "version": "8.7.1.16" }, { "status": "affected", "version": "8.8.100.0" }, { "status": "affected", "version": "8.8.111.0" }, { "status": "affected", "version": "8.8.120.0" }, { "status": "affected", "version": "8.8.125.0" }, { "status": "affected", "version": "8.8.130.0" }, { "status": "affected", "version": "8.9.100.0" }, { "status": "affected", "version": "8.9.111.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20271", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-28T16:39:13.630340Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-28T13:07:00.717Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:52:38.878Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-ap-dos-h9TGGX6W", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Aironet Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "8.2.100.0" }, { "status": "affected", "version": "8.2.130.0" }, { "status": "affected", "version": "8.2.111.0" }, { "status": "affected", "version": "8.2.110.0" }, { "status": "affected", "version": "8.2.121.0" }, { "status": "affected", "version": "8.2.141.0" }, { "status": "affected", "version": "8.2.151.0" }, { "status": "affected", "version": "8.2.160.0" }, { "status": "affected", "version": "8.2.161.0" }, { "status": "affected", "version": "8.2.164.0" }, { "status": "affected", "version": "8.2.166.0" }, { "status": "affected", "version": "8.2.170.0" }, { "status": "affected", "version": "8.2.163.0" }, { "status": "affected", "version": "8.3.102.0" }, { "status": "affected", "version": "8.3.111.0" }, { "status": "affected", "version": "8.3.112.0" }, { "status": "affected", "version": "8.3.121.0" }, { "status": "affected", "version": "8.3.122.0" }, { "status": "affected", "version": "8.3.130.0" }, { "status": "affected", "version": "8.3.131.0" }, { "status": "affected", "version": "8.3.132.0" }, { "status": "affected", "version": "8.3.133.0" }, { "status": "affected", "version": "8.3.140.0" }, { "status": "affected", "version": "8.3.141.0" }, { "status": "affected", "version": "8.3.143.0" }, { "status": "affected", "version": "8.3.150.0" }, { "status": "affected", "version": "8.3.108.0" }, { "status": "affected", "version": "8.3.90.53" }, { "status": "affected", "version": "8.3.104.46" }, { "status": "affected", "version": "8.3.200.200" }, { "status": "affected", "version": "8.3.104.64" }, { "status": "affected", "version": "8.3.15.165" }, { "status": "affected", "version": "8.3.90.11" }, { "status": "affected", "version": "8.3.135.0" }, { "status": "affected", "version": "8.3.104.14" }, { "status": "affected", "version": "8.3.90.36" }, { "status": "affected", "version": "8.3.15.142" }, { "status": "affected", "version": "8.3.104.37" }, { "status": "affected", "version": "8.3.15.117" }, { "status": "affected", "version": "8.3.15.120" }, { "status": "affected", "version": "8.3.15.25" }, { "status": "affected", "version": "8.3.15.158" }, { "status": "affected", "version": "8.3.15.118" }, { "status": "affected", "version": "8.3.90.25" }, { "status": "affected", "version": "8.3.15.169" }, { "status": "affected", "version": "8.3.90.58" }, { "status": "affected", "version": "8.4.100.0" }, { "status": "affected", "version": "8.4.1.199" }, { "status": "affected", "version": "8.4.1.91" }, { "status": "affected", "version": "8.4.1.142" }, { "status": "affected", "version": "8.4.1.175" }, { "status": "affected", "version": "8.4.1.218" }, { "status": "affected", "version": "8.4.1.92" }, { "status": "affected", "version": "8.5.103.0" }, { "status": "affected", "version": "8.5.105.0" }, { "status": "affected", "version": "8.5.110.0" }, { "status": "affected", "version": "8.5.120.0" }, { "status": "affected", "version": "8.5.131.0" }, { "status": "affected", "version": "8.5.140.0" }, { "status": "affected", "version": "8.5.135.0" }, { "status": "affected", "version": "8.5.151.0" }, { "status": "affected", "version": "8.5.101.0" }, { "status": "affected", "version": "8.5.102.0" }, { "status": "affected", "version": "8.5.161.0" }, { "status": "affected", "version": "8.5.160.0" }, { "status": "affected", "version": "8.5.100.0" }, { "status": "affected", "version": "8.5.171.0" }, { "status": "affected", "version": "8.5.164.0" }, { "status": "affected", "version": "8.5.182.0" }, { "status": "affected", "version": "8.5.182.11 ME" }, { "status": "affected", "version": "8.7.102.0" }, { "status": "affected", "version": "8.7.106.0" }, { "status": "affected", "version": "8.7.1.16" }, { "status": "affected", "version": "8.8.100.0" }, { "status": "affected", "version": "8.8.111.0" }, { "status": "affected", "version": "8.8.120.0" }, { "status": "affected", "version": "8.8.125.0" }, { "status": "affected", "version": "8.8.130.0" }, { "status": "affected", "version": "8.6.101.0" }, { "status": "affected", "version": "8.6.1.84" }, { "status": "affected", "version": "8.6.1.70" }, { "status": "affected", "version": "8.6.1.71" }, { "status": "affected", "version": "8.9.100.0" }, { "status": "affected", "version": "8.9.111.0" }, { "status": "affected", "version": "8.10.105.0" }, { "status": "affected", "version": "8.10.111.0" }, { "status": "affected", "version": "8.10.130.0" }, { "status": "affected", "version": "8.10.112.0" }, { "status": "affected", "version": "8.10.122.0" }, { "status": "affected", "version": "8.10.113.0" }, { "status": "affected", "version": "8.10.121.0" }, { "status": "affected", "version": "8.10.141.0" }, { "status": "affected", "version": "8.10.142.0" }, { "status": "affected", "version": "8.10.151.0" }, { "status": "affected", "version": "8.10.150.0" }, { "status": "affected", "version": "8.10.171.0" }, { "status": "affected", "version": "8.10.181.0" }, { "status": "affected", "version": "8.10.182.0" }, { "status": "affected", "version": "8.10.161.0" }, { "status": "affected", "version": "8.10.170.0" }, { "status": "affected", "version": "8.10.183.0" }, { "status": "affected", "version": "8.10.162.0" }, { "status": "affected", "version": "8.10.185.0" } ] }, { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "10.0.1.0" }, { "status": "affected", "version": "10.0.2.0" }, { "status": "affected", "version": "10.1.1.0" }, { "status": "affected", "version": "10.1.2.0" }, { "status": "affected", "version": "10.2.1.0" }, { "status": "affected", "version": "10.2.2.0" }, { "status": "affected", "version": "10.3.1.0" }, { "status": "affected", "version": "10.3.1.1" }, { "status": "affected", "version": "10.3.2.0" }, { "status": "affected", "version": "1.0.0.13" }, { "status": "affected", "version": "1.0.0.16" }, { "status": "affected", "version": "1.0.0.3" }, { "status": "affected", "version": "1.0.0.39" }, { "status": "affected", "version": "1.0.0.4" }, { "status": "affected", "version": "1.0.0.5" }, { "status": "affected", "version": "1.0.0.7" }, { "status": "affected", "version": "1.0.1.2" }, { "status": "affected", "version": "1.0.1.3" }, { "status": "affected", "version": "1.0.1.4" }, { "status": "affected", "version": "1.0.1.5" }, { "status": "affected", "version": "1.0.1.6" }, { "status": "affected", "version": "1.0.1.7" }, { "status": "affected", "version": "1.0.2.0" }, { "status": "affected", "version": "1.0.2.13" }, { "status": "affected", "version": "1.0.2.14" }, { "status": "affected", "version": "1.0.2.15" }, { "status": "affected", "version": "1.0.2.16" }, { "status": "affected", "version": "1.0.2.17" }, { "status": "affected", "version": "1.0.2.2" }, { "status": "affected", "version": "1.0.2.8" }, { "status": "affected", "version": "1.0.3.1" }, { "status": "affected", "version": "1.0.4.4" }, { "status": "affected", "version": "1.0.4.3" }, { "status": "affected", "version": "1.0.6.6" }, { "status": "affected", "version": "1.0.3.4" }, { "status": "affected", "version": "1.0.6.8" }, { "status": "affected", "version": "1.0.6.2" }, { "status": "affected", "version": "1.0.2.3" }, { "status": "affected", "version": "1.0.5.3" }, { "status": "affected", "version": "1.0.1.10" }, { "status": "affected", "version": "1.0.4.2" }, { "status": "affected", "version": "1.0.6.5" }, { "status": "affected", "version": "1.0.6.7" }, { "status": "affected", "version": "1.0.5.0" }, { "status": "affected", "version": "1.0.0.10" }, { "status": "affected", "version": "1.0.0.12" }, { "status": "affected", "version": "1.0.0.14" }, { "status": "affected", "version": "1.0.0.15" }, { "status": "affected", "version": "1.0.0.17" }, { "status": "affected", "version": "1.0.0.9" }, { "status": "affected", "version": "1.0.1.11" }, { "status": "affected", "version": "1.0.1.12" }, { "status": "affected", "version": "1.0.1.9" }, { "status": "affected", "version": "1.0.2.6" }, { "status": "affected", "version": "1.1.0.5" }, { "status": "affected", "version": "1.1.0.7" }, { "status": "affected", "version": "1.1.0.9" }, { "status": "affected", "version": "1.1.1.0" }, { "status": "affected", "version": "1.1.2.4" }, { "status": "affected", "version": "1.1.4.6" }, { "status": "affected", "version": "1.1.3.2" }, { "status": "affected", "version": "1.1.4.0" }, { "status": "affected", "version": "1.1.0.3" }, { "status": "affected", "version": "1.1.0.4" }, { "status": "affected", "version": "1.1.0.6" }, { "status": "affected", "version": "1.1.2.3" }, { "status": "affected", "version": "10.4.1.0" }, { "status": "affected", "version": "10.4.2.0" }, { "status": "affected", "version": "10.6.1.0" }, { "status": "affected", "version": "10.7.1.0" }, { "status": "affected", "version": "10.8.1.0" }, { "status": "affected", "version": "1.2.0.2" }, { "status": "affected", "version": "1.2.0.3" }, { "status": "affected", "version": "1.2.1.3" }, { "status": "affected", "version": "1.3.0.3" }, { "status": "affected", "version": "1.3.0.4" }, { "status": "affected", "version": "1.3.0.6" }, { "status": "affected", "version": "1.3.0.7" }, { "status": "affected", "version": "10.5.2.0" } ] }, { "product": "Cisco Aironet Access Point Software (IOS XE Controller)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "16.10.1e" }, { "status": "affected", "version": "16.10.1" }, { "status": "affected", "version": "17.1.1t" }, { "status": "affected", "version": "17.1.1s" }, { "status": "affected", "version": "17.1.1" }, { "status": "affected", "version": "16.11.1a" }, { "status": "affected", "version": "16.11.1" }, { "status": "affected", "version": "16.11.1c" }, { "status": "affected", "version": "16.11.1b" }, { "status": "affected", "version": "16.12.1s" }, { "status": "affected", "version": "16.12.4" }, { "status": "affected", "version": "16.12.1" }, { "status": "affected", "version": "16.12.2s" }, { "status": "affected", "version": "16.12.1t" }, { "status": "affected", "version": "16.12.4a" }, { "status": "affected", "version": "16.12.5" }, { "status": "affected", "version": "16.12.3" }, { "status": "affected", "version": "16.12.6" }, { "status": "affected", "version": "16.12.8" }, { "status": "affected", "version": "16.12.7" }, { "status": "affected", "version": "16.12.6a" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.2.3" }, { "status": "affected", "version": "17.2.2" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.4.2" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.4" }, { "status": "affected", "version": "17.9.4a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.12.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-27T17:05:27.473Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-ap-dos-h9TGGX6W", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W" } ], "source": { "advisory": "cisco-sa-ap-dos-h9TGGX6W", "defects": [ "CSCwh00028" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20271", "datePublished": "2024-03-27T17:05:27.473Z", "dateReserved": "2023-11-08T15:08:07.624Z", "dateUpdated": "2024-08-01T21:52:38.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20335
Vulnerability from cvelistv5
Published
2024-03-06 16:30
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.7:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "business_wireless_access_point_software", "vendor": "cisco", "versions": [ { "status": "affected", "version": "1.0.0.10" }, { "status": "affected", "version": "1.0.0.12" }, { "status": "affected", "version": "1.0.0.13" }, { "status": "affected", "version": "1.0.0.14" }, { "status": "affected", "version": "1.0.0.15" }, { "status": "affected", "version": "1.0.0.16" }, { "status": "affected", "version": "1.0.0.17" }, { "status": "affected", "version": "1.0.0.3" }, { "status": "affected", "version": "1.0.0.4" }, { "status": "affected", "version": "1.0.0.5" }, { "status": "affected", "version": "1.0.0.7" }, { "status": "affected", "version": "1.0.0.9" }, { "status": "affected", "version": "1.0.1.10" }, { "status": "affected", "version": "1.0.1.11" }, { "status": "affected", "version": "1.0.1.12" }, { "status": "affected", "version": "1.0.1.2" }, { "status": "affected", "version": "1.0.1.3" }, { "status": "affected", "version": "1.0.1.5" }, { "status": "affected", "version": "1.0.1.6" }, { "status": "affected", "version": "1.0.1.7" }, { "status": "affected", "version": "1.0.1.9" }, { "status": "affected", "version": "1.0.2.0" }, { "status": "affected", "version": "1.0.2.6" }, { "status": "affected", "version": "1.0.3.1" }, { "status": "affected", "version": "1.0.4.3" }, { "status": "affected", "version": "1.0.4.4" }, { "status": "affected", "version": "1.0.5.0" }, { "status": "affected", "version": "1.1.0.3" }, { "status": "affected", "version": "1.1.0.4" }, { "status": "affected", "version": "1.1.0.5" }, { "status": "affected", "version": "1.1.0.6" }, { "status": "affected", "version": "1.1.0.7" }, { "status": "affected", "version": "1.1.0.9" }, { "status": "affected", "version": "1.1.1.0" }, { "status": "affected", "version": "1.1.2.3" }, { "status": "affected", "version": "1.1.2.4" }, { "status": "affected", "version": "1.1.3.2" }, { "status": "affected", "version": "1.1.4.0" }, { "status": "affected", "version": "1.1.4.6" }, { "status": "affected", "version": "1.2.0.2" }, { "status": "affected", "version": "1.2.0.3" }, { "status": "affected", "version": "1.2.1.3" }, { "status": "affected", "version": "1.3.0.3" }, { "status": "affected", "version": "1.3.0.4" }, { "status": "affected", "version": "1.3.0.6" }, { "status": "affected", "version": "1.3.0.7" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20335", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-07T14:42:02.782698Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-26T15:07:27.344Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.400Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-sb-wap-multi-85G83CRB", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "1.0.0.13" }, { "status": "affected", "version": "1.0.0.16" }, { "status": "affected", "version": "1.0.0.3" }, { "status": "affected", "version": "1.0.0.4" }, { "status": "affected", "version": "1.0.0.5" }, { "status": "affected", "version": "1.0.0.7" }, { "status": "affected", "version": "1.0.1.2" }, { "status": "affected", "version": "1.0.1.3" }, { "status": "affected", "version": "1.0.1.5" }, { "status": "affected", "version": "1.0.1.6" }, { "status": "affected", "version": "1.0.1.7" }, { "status": "affected", "version": "1.0.2.0" }, { "status": "affected", "version": "1.0.3.1" }, { "status": "affected", "version": "1.0.4.4" }, { "status": "affected", "version": "1.0.4.3" }, { "status": "affected", "version": "1.0.1.10" }, { "status": "affected", "version": "1.0.5.0" }, { "status": "affected", "version": "1.0.0.10" }, { "status": "affected", "version": "1.0.0.12" }, { "status": "affected", "version": "1.0.0.14" }, { "status": "affected", "version": "1.0.0.15" }, { "status": "affected", "version": "1.0.0.17" }, { "status": "affected", "version": "1.0.0.9" }, { "status": "affected", "version": "1.0.1.11" }, { "status": "affected", "version": "1.0.1.12" }, { "status": "affected", "version": "1.0.1.9" }, { "status": "affected", "version": "1.0.2.6" }, { "status": "affected", "version": "1.1.0.5" }, { "status": "affected", "version": "1.1.0.7" }, { "status": "affected", "version": "1.1.0.9" }, { "status": "affected", "version": "1.1.1.0" }, { "status": "affected", "version": "1.1.2.4" }, { "status": "affected", "version": "1.1.4.6" }, { "status": "affected", "version": "1.1.3.2" }, { "status": "affected", "version": "1.1.4.0" }, { "status": "affected", "version": "1.1.0.3" }, { "status": "affected", "version": "1.1.0.4" }, { "status": "affected", "version": "1.1.0.6" }, { "status": "affected", "version": "1.1.2.3" }, { "status": "affected", "version": "1.2.0.2" }, { "status": "affected", "version": "1.2.0.3" }, { "status": "affected", "version": "1.2.1.3" }, { "status": "affected", "version": "1.3.0.3" }, { "status": "affected", "version": "1.3.0.4" }, { "status": "affected", "version": "1.3.0.6" }, { "status": "affected", "version": "1.3.0.7" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-06T17:06:13.554Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-sb-wap-multi-85G83CRB", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB" } ], "source": { "advisory": "cisco-sa-sb-wap-multi-85G83CRB", "defects": [ "CSCwi78277", "CSCwi83948", "CSCwi78254", "CSCwi78271" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20335", "datePublished": "2024-03-06T16:30:39.235Z", "dateReserved": "2023-11-08T15:08:07.642Z", "dateUpdated": "2024-08-01T21:59:41.400Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20265
Vulnerability from cvelistv5
Published
2024-03-27 17:03
Modified
2024-08-01 21:52
Severity ?
EPSS score ?
Summary
A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device.
This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cisco:aironet_access_point_software:8.2.100.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aironet_access_point_software", "vendor": "cisco", "versions": [ { "lessThanOrEqual": "8.10.185.0", "status": "affected", "version": "8.2.100.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:business_wireless_access_point_software:10.0.1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "business_wireless_access_point_software", "vendor": "cisco", "versions": [ { "lessThanOrEqual": "10.8.1.0", "status": "affected", "version": "10.0.1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:aironet_access_point_software:16.10.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aironet_access_point_software", "vendor": "cisco", "versions": [ { "lessThanOrEqual": "17.11.1", "status": "affected", "version": "16.10.1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20265", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-27T19:46:28.390425Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T15:33:37.498Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:52:31.616Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-ap-secureboot-bypass-zT5vJkSD", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Aironet Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "8.2.100.0" }, { "status": "affected", "version": "8.2.130.0" }, { "status": "affected", "version": "8.2.111.0" }, { "status": "affected", "version": "8.2.110.0" }, { "status": "affected", "version": "8.2.121.0" }, { "status": "affected", "version": "8.2.141.0" }, { "status": "affected", "version": "8.2.151.0" }, { "status": "affected", "version": "8.2.160.0" }, { "status": "affected", "version": "8.2.161.0" }, { "status": "affected", "version": "8.2.164.0" }, { "status": "affected", "version": "8.2.166.0" }, { "status": "affected", "version": "8.2.170.0" }, { "status": "affected", "version": "8.2.163.0" }, { "status": "affected", "version": "8.3.102.0" }, { "status": "affected", "version": "8.3.111.0" }, { "status": "affected", "version": "8.3.112.0" }, { "status": "affected", "version": "8.3.121.0" }, { "status": "affected", "version": "8.3.122.0" }, { "status": "affected", "version": "8.3.130.0" }, { "status": "affected", "version": "8.3.131.0" }, { "status": "affected", "version": "8.3.132.0" }, { "status": "affected", "version": "8.3.133.0" }, { "status": "affected", "version": "8.3.140.0" }, { "status": "affected", "version": "8.3.141.0" }, { "status": "affected", "version": "8.3.143.0" }, { "status": "affected", "version": "8.3.150.0" }, { "status": "affected", "version": "8.3.108.0" }, { "status": "affected", "version": "8.3.90.53" }, { "status": "affected", "version": "8.3.104.46" }, { "status": "affected", "version": "8.3.200.200" }, { "status": "affected", "version": "8.3.104.64" }, { "status": "affected", "version": "8.3.15.165" }, { "status": "affected", "version": "8.3.90.11" }, { "status": "affected", "version": "8.3.135.0" }, { "status": "affected", "version": "8.3.104.14" }, { "status": "affected", "version": "8.3.90.36" }, { "status": "affected", "version": "8.3.15.142" }, { "status": "affected", "version": "8.3.104.37" }, { "status": "affected", "version": "8.3.15.117" }, { "status": "affected", "version": "8.3.15.120" }, { "status": "affected", "version": "8.3.15.25" }, { "status": "affected", "version": "8.3.15.158" }, { "status": "affected", "version": "8.3.15.118" }, { "status": "affected", "version": "8.3.90.25" }, { "status": "affected", "version": "8.3.15.169" }, { "status": "affected", "version": "8.3.90.58" }, { "status": "affected", "version": "8.4.100.0" }, { "status": "affected", "version": "8.4.1.199" }, { "status": "affected", "version": "8.4.1.91" }, { "status": "affected", "version": "8.4.1.142" }, { "status": "affected", "version": "8.4.1.175" }, { "status": "affected", "version": "8.4.1.218" }, { "status": "affected", "version": "8.4.1.92" }, { "status": "affected", "version": "8.5.103.0" }, { "status": "affected", "version": "8.5.105.0" }, { "status": "affected", "version": "8.5.110.0" }, { "status": "affected", "version": "8.5.120.0" }, { "status": "affected", "version": "8.5.131.0" }, { "status": "affected", "version": "8.5.140.0" }, { "status": "affected", "version": "8.5.135.0" }, { "status": "affected", "version": "8.5.151.0" }, { "status": "affected", "version": "8.5.101.0" }, { "status": "affected", "version": "8.5.102.0" }, { "status": "affected", "version": "8.5.161.0" }, { "status": "affected", "version": "8.5.160.0" }, { "status": "affected", "version": "8.5.100.0" }, { "status": "affected", "version": "8.5.171.0" }, { "status": "affected", "version": "8.5.164.0" }, { "status": "affected", "version": "8.5.182.0" }, { "status": "affected", "version": "8.5.182.11 ME" }, { "status": "affected", "version": "8.7.102.0" }, { "status": "affected", "version": "8.7.106.0" }, { "status": "affected", "version": "8.7.1.16" }, { "status": "affected", "version": "8.8.100.0" }, { "status": "affected", "version": "8.8.111.0" }, { "status": "affected", "version": "8.8.120.0" }, { "status": "affected", "version": "8.8.125.0" }, { "status": "affected", "version": "8.8.130.0" }, { "status": "affected", "version": "8.6.101.0" }, { "status": "affected", "version": "8.6.1.84" }, { "status": "affected", "version": "8.6.1.70" }, { "status": "affected", "version": "8.6.1.71" }, { "status": "affected", "version": "8.9.100.0" }, { "status": "affected", "version": "8.9.111.0" }, { "status": "affected", "version": "8.10.105.0" }, { "status": "affected", "version": "8.10.111.0" }, { "status": "affected", "version": "8.10.130.0" }, { "status": "affected", "version": "8.10.112.0" }, { "status": "affected", "version": "8.10.122.0" }, { "status": "affected", "version": "8.10.113.0" }, { "status": "affected", "version": "8.10.121.0" }, { "status": "affected", "version": "8.10.141.0" }, { "status": "affected", "version": "8.10.142.0" }, { "status": "affected", "version": "8.10.151.0" }, { "status": "affected", "version": "8.10.150.0" }, { "status": "affected", "version": "8.10.171.0" }, { "status": "affected", "version": "8.10.181.0" }, { "status": "affected", "version": "8.10.182.0" }, { "status": "affected", "version": "8.10.161.0" }, { "status": "affected", "version": "8.10.170.0" }, { "status": "affected", "version": "8.10.183.0" }, { "status": "affected", "version": "8.10.162.0" }, { "status": "affected", "version": "8.10.185.0" } ] }, { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "10.0.1.0" }, { "status": "affected", "version": "10.0.2.0" }, { "status": "affected", "version": "10.1.1.0" }, { "status": "affected", "version": "10.1.2.0" }, { "status": "affected", "version": "10.2.1.0" }, { "status": "affected", "version": "10.2.2.0" }, { "status": "affected", "version": "10.3.1.0" }, { "status": "affected", "version": "10.3.1.1" }, { "status": "affected", "version": "10.3.2.0" }, { "status": "affected", "version": "10.4.1.0" }, { "status": "affected", "version": "10.4.2.0" }, { "status": "affected", "version": "10.6.1.0" }, { "status": "affected", "version": "10.6.2.0" }, { "status": "affected", "version": "10.7.1.0" }, { "status": "affected", "version": "10.8.1.0" }, { "status": "affected", "version": "10.5.2.0" } ] }, { "product": "Cisco Aironet Access Point Software (IOS XE Controller)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "16.10.1e" }, { "status": "affected", "version": "16.10.1" }, { "status": "affected", "version": "17.1.1t" }, { "status": "affected", "version": "17.1.1s" }, { "status": "affected", "version": "17.1.1" }, { "status": "affected", "version": "16.11.1a" }, { "status": "affected", "version": "16.11.1" }, { "status": "affected", "version": "16.11.1c" }, { "status": "affected", "version": "16.11.1b" }, { "status": "affected", "version": "16.12.1s" }, { "status": "affected", "version": "16.12.4" }, { "status": "affected", "version": "16.12.1" }, { "status": "affected", "version": "16.12.2s" }, { "status": "affected", "version": "16.12.1t" }, { "status": "affected", "version": "16.12.4a" }, { "status": "affected", "version": "16.12.5" }, { "status": "affected", "version": "16.12.3" }, { "status": "affected", "version": "16.12.6" }, { "status": "affected", "version": "16.12.8" }, { "status": "affected", "version": "16.12.7" }, { "status": "affected", "version": "16.12.6a" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.2.3" }, { "status": "affected", "version": "17.2.2" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.4.2" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.6a" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.11.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device.\r\n\r This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-501", "description": "Trust Boundary Violation", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-27T17:03:54.505Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-ap-secureboot-bypass-zT5vJkSD", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD" } ], "source": { "advisory": "cisco-sa-ap-secureboot-bypass-zT5vJkSD", "defects": [ "CSCwf62026" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20265", "datePublished": "2024-03-27T17:03:54.505Z", "dateReserved": "2023-11-08T15:08:07.624Z", "dateUpdated": "2024-08-01T21:52:31.616Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20268
Vulnerability from cvelistv5
Published
2023-09-27 17:22
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device.
This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:36.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-ap-dos-capwap-DDMCZS4m", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Aironet Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "8.2.100.0" }, { "status": "affected", "version": "8.2.130.0" }, { "status": "affected", "version": "8.2.111.0" }, { "status": "affected", "version": "8.2.110.0" }, { "status": "affected", "version": "8.2.121.0" }, { "status": "affected", "version": "8.2.141.0" }, { "status": "affected", "version": "8.2.151.0" }, { "status": "affected", "version": "8.2.160.0" }, { "status": "affected", "version": "8.2.161.0" }, { "status": "affected", "version": "8.2.164.0" }, { "status": "affected", "version": "8.2.166.0" }, { "status": "affected", "version": "8.2.170.0" }, { "status": "affected", "version": "8.2.163.0" }, { "status": "affected", "version": "8.3.102.0" }, { "status": "affected", "version": "8.3.111.0" }, { "status": "affected", "version": "8.3.112.0" }, { "status": "affected", "version": "8.3.121.0" }, { "status": "affected", "version": "8.3.122.0" }, { "status": "affected", "version": "8.3.130.0" }, { "status": "affected", "version": "8.3.131.0" }, { "status": "affected", "version": "8.3.132.0" }, { "status": "affected", "version": "8.3.133.0" }, { "status": "affected", "version": "8.3.140.0" }, { "status": "affected", "version": "8.3.141.0" }, { "status": "affected", "version": "8.3.143.0" }, { "status": "affected", "version": "8.3.150.0" }, { "status": "affected", "version": "8.3.108.0" }, { "status": "affected", "version": "8.3.90.53" }, { "status": "affected", "version": "8.3.104.46" }, { "status": "affected", "version": "8.3.200.200" }, { "status": "affected", "version": "8.3.104.64" }, { "status": "affected", "version": "8.3.15.165" }, { "status": "affected", "version": "8.3.90.11" }, { "status": "affected", "version": "8.3.135.0" }, { "status": "affected", "version": "8.3.104.14" }, { "status": "affected", "version": "8.3.90.36" }, { "status": "affected", "version": "8.3.15.142" }, { "status": "affected", "version": "8.3.104.37" }, { "status": "affected", "version": "8.3.15.117" }, { "status": "affected", "version": "8.3.15.120" }, { "status": "affected", "version": "8.3.15.25" }, { "status": "affected", "version": "8.3.15.158" }, { "status": "affected", "version": "8.3.15.118" }, { "status": "affected", "version": "8.3.90.25" }, { "status": "affected", "version": "8.3.15.169" }, { "status": "affected", "version": "8.3.90.58" }, { "status": "affected", "version": "8.4.100.0" }, { "status": "affected", "version": "8.4.1.199" }, { "status": "affected", "version": "8.4.1.91" }, { "status": "affected", "version": "8.4.1.142" }, { "status": "affected", "version": "8.4.1.175" }, { "status": "affected", "version": "8.4.1.218" }, { "status": "affected", "version": "8.4.1.92" }, { "status": "affected", "version": "8.5.103.0" }, { "status": "affected", "version": "8.5.105.0" }, { "status": "affected", "version": "8.5.110.0" }, { "status": "affected", "version": "8.5.120.0" }, { "status": "affected", "version": "8.5.131.0" }, { "status": "affected", "version": "8.5.140.0" }, { "status": "affected", "version": "8.5.135.0" }, { "status": "affected", "version": "8.5.151.0" }, { "status": "affected", "version": "8.5.101.0" }, { "status": "affected", "version": "8.5.102.0" }, { "status": "affected", "version": "8.5.161.0" }, { "status": "affected", "version": "8.5.160.0" }, { "status": "affected", "version": "8.5.100.0" }, { "status": "affected", "version": "8.5.171.0" }, { "status": "affected", "version": "8.5.164.0" }, { "status": "affected", "version": "8.5.182.0" }, { "status": "affected", "version": "8.5.182.11 ME" }, { "status": "affected", "version": "8.7.102.0" }, { "status": "affected", "version": "8.7.106.0" }, { "status": "affected", "version": "8.7.1.16" }, { "status": "affected", "version": "8.8.100.0" }, { "status": "affected", "version": "8.8.111.0" }, { "status": "affected", "version": "8.8.120.0" }, { "status": "affected", "version": "8.8.125.0" }, { "status": "affected", "version": "8.8.130.0" }, { "status": "affected", "version": "8.6.101.0" }, { "status": "affected", "version": "8.6.1.84" }, { "status": "affected", "version": "8.6.1.70" }, { "status": "affected", "version": "8.6.1.71" }, { "status": "affected", "version": "8.9.100.0" }, { "status": "affected", "version": "8.9.111.0" }, { "status": "affected", "version": "8.10.105.0" }, { "status": "affected", "version": "8.10.111.0" }, { "status": "affected", "version": "8.10.130.0" }, { "status": "affected", "version": "8.10.112.0" }, { "status": "affected", "version": "8.10.122.0" }, { "status": "affected", "version": "8.10.113.0" }, { "status": "affected", "version": "8.10.121.0" }, { "status": "affected", "version": "8.10.141.0" }, { "status": "affected", "version": "8.10.142.0" }, { "status": "affected", "version": "8.10.151.0" }, { "status": "affected", "version": "8.10.150.0" }, { "status": "affected", "version": "8.10.171.0" }, { "status": "affected", "version": "8.10.181.0" }, { "status": "affected", "version": "8.10.182.0" }, { "status": "affected", "version": "8.10.161.0" }, { "status": "affected", "version": "8.10.170.0" }, { "status": "affected", "version": "8.10.183.0" }, { "status": "affected", "version": "8.10.162.0" } ] }, { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "10.0.1.0" }, { "status": "affected", "version": "10.0.2.0" }, { "status": "affected", "version": "10.1.1.0" }, { "status": "affected", "version": "10.1.2.0" }, { "status": "affected", "version": "10.2.1.0" }, { "status": "affected", "version": "10.2.2.0" }, { "status": "affected", "version": "10.3.1.0" }, { "status": "affected", "version": "10.3.1.1" }, { "status": "affected", "version": "10.3.2.0" }, { "status": "affected", "version": "10.4.1.0" }, { "status": "affected", "version": "10.4.2.0" }, { "status": "affected", "version": "10.6.1.0" }, { "status": "affected", "version": "10.7.1.0" }, { "status": "affected", "version": "10.8.1.0" }, { "status": "affected", "version": "10.5.2.0" } ] }, { "product": "Cisco Aironet Access Point Software (IOS XE Controller)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "16.10.1e" }, { "status": "affected", "version": "16.10.1" }, { "status": "affected", "version": "17.1.1t" }, { "status": "affected", "version": "17.1.1s" }, { "status": "affected", "version": "17.1.1" }, { "status": "affected", "version": "16.11.1a" }, { "status": "affected", "version": "16.11.1" }, { "status": "affected", "version": "16.11.1c" }, { "status": "affected", "version": "16.11.1b" }, { "status": "affected", "version": "16.12.1s" }, { "status": "affected", "version": "16.12.4" }, { "status": "affected", "version": "16.12.1" }, { "status": "affected", "version": "16.12.2s" }, { "status": "affected", "version": "16.12.1t" }, { "status": "affected", "version": "16.12.4a" }, { "status": "affected", "version": "16.12.5" }, { "status": "affected", "version": "16.12.3" }, { "status": "affected", "version": "16.12.6" }, { "status": "affected", "version": "16.12.8" }, { "status": "affected", "version": "16.12.7" }, { "status": "affected", "version": "16.12.6a" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.2.3" }, { "status": "affected", "version": "17.2.2" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.4.2" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.8.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device.\r\n\r This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:58:36.522Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-ap-dos-capwap-DDMCZS4m", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m" } ], "source": { "advisory": "cisco-sa-ap-dos-capwap-DDMCZS4m", "defects": [ "CSCwe75371" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20268", "datePublished": "2023-09-27T17:22:55.840Z", "dateReserved": "2022-10-27T18:47:50.373Z", "dateUpdated": "2024-08-02T09:05:36.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1401
Vulnerability from cvelistv5
Published
2021-05-06 12:42
Modified
2024-11-08 23:18
Severity ?
EPSS score ?
Summary
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF | vendor-advisory, x_refsource_CISCO | |
http://jvn.jp/en/jp/JVN71263107/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:16.911Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF" }, { "name": "JVN#71263107", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN71263107/index.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1401", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:17:27.276170Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:18:13.116Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-14T04:06:10", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF" }, { "name": "JVN#71263107", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN71263107/index.html" } ], "source": { "advisory": "cisco-sa-sb-wap-multi-ZAfKGXhF", "defect": [ [ "CSCvw52139", "CSCvw52146", "CSCvw59995", "CSCvw59997", "CSCvw59999", "CSCvw60000" ] ], "discovery": "INTERNAL" }, "title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-05T16:00:00", "ID": "CVE-2021-1401", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Business Wireless Access Point Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-269" } ] } ] }, "references": { "reference_data": [ { "name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF" }, { "name": "JVN#71263107", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN71263107/index.html" } ] }, "source": { "advisory": "cisco-sa-sb-wap-multi-ZAfKGXhF", "defect": [ [ "CSCvw52139", "CSCvw52146", "CSCvw59995", "CSCvw59997", "CSCvw59999", "CSCvw60000" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1401", "datePublished": "2021-05-06T12:42:34.960957Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:18:13.116Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1551
Vulnerability from cvelistv5
Published
2021-05-22 06:40
Modified
2024-11-08 23:15
Severity ?
EPSS score ?
Summary
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:18:10.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1551", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:42:45.908749Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:15:01.509Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T06:40:22", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" }, "title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-19T16:00:00", "ID": "CVE-2021-1551", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Business Wireless Access Point Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.7", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ] }, "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1551", "datePublished": "2021-05-22T06:40:22.215613Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:15:01.509Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20336
Vulnerability from cvelistv5
Published
2024-03-06 16:31
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "business_access_points", "vendor": "cisco", "versions": [ { "status": "affected", "version": "1.0.0.3" }, { "status": "affected", "version": "1.0.0.4" }, { "status": "affected", "version": "1.0.0.5" }, { "status": "affected", "version": "1.0.0.7" }, { "status": "affected", "version": "1.0.1.3" }, { "status": "affected", "version": "1.0.1.5" }, { "status": "affected", "version": "1.0.1.7" }, { "status": "affected", "version": "1.0.2.0" }, { "status": "affected", "version": "1.0.3.1" }, { "status": "affected", "version": "1.0.4.3" }, { "status": "affected", "version": "1.0.4.4" }, { "status": "affected", "version": "1.0.5.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20336", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-07T05:00:32.901343Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-30T15:37:49.388Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.754Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-sb-wap-multi-85G83CRB", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "1.0.0.3" }, { "status": "affected", "version": "1.0.0.4" }, { "status": "affected", "version": "1.0.0.5" }, { "status": "affected", "version": "1.0.0.7" }, { "status": "affected", "version": "1.0.1.3" }, { "status": "affected", "version": "1.0.1.5" }, { "status": "affected", "version": "1.0.1.7" }, { "status": "affected", "version": "1.0.2.0" }, { "status": "affected", "version": "1.0.3.1" }, { "status": "affected", "version": "1.0.4.4" }, { "status": "affected", "version": "1.0.4.3" }, { "status": "affected", "version": "1.0.5.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Stack-based Buffer Overflow", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-06T17:07:15.946Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-sb-wap-multi-85G83CRB", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB" } ], "source": { "advisory": "cisco-sa-sb-wap-multi-85G83CRB", "defects": [ "CSCwi83951", "CSCwi83952", "CSCwi83953", "CSCwi83957" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20336", "datePublished": "2024-03-06T16:31:10.729Z", "dateReserved": "2023-11-08T15:08:07.642Z", "dateUpdated": "2024-08-01T21:59:41.754Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1547
Vulnerability from cvelistv5
Published
2021-05-22 06:45
Modified
2024-11-08 21:15
Severity ?
EPSS score ?
Summary
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:17.697Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1547", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:42:06.991913Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T21:15:51.849Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T06:45:22", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" }, "title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-19T16:00:00", "ID": "CVE-2021-1547", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Business Wireless Access Point Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.7", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ] }, "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1547", "datePublished": "2021-05-22T06:45:22.741067Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T21:15:51.849Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1549
Vulnerability from cvelistv5
Published
2021-05-22 06:45
Modified
2024-11-08 21:19
Severity ?
EPSS score ?
Summary
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:17.792Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1549", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:42:14.165746Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T21:19:07.624Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T06:45:14", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" }, "title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-19T16:00:00", "ID": "CVE-2021-1549", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Business Wireless Access Point Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.7", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ] }, "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1549", "datePublished": "2021-05-22T06:45:14.568881Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T21:19:07.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1553
Vulnerability from cvelistv5
Published
2021-05-22 06:40
Modified
2024-11-08 23:14
Severity ?
EPSS score ?
Summary
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:18:10.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1553", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:42:29.588722Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:14:43.500Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T06:40:29", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" }, "title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-19T16:00:00", "ID": "CVE-2021-1553", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Business Wireless Access Point Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.7", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ] }, "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1553", "datePublished": "2021-05-22T06:40:29.787709Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:14:43.500Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1554
Vulnerability from cvelistv5
Published
2021-05-22 06:40
Modified
2024-11-08 23:14
Severity ?
EPSS score ?
Summary
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:18:10.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1554", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:42:27.572886Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:14:34.272Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T06:40:33", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" }, "title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-19T16:00:00", "ID": "CVE-2021-1554", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Business Wireless Access Point Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.7", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ] }, "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1554", "datePublished": "2021-05-22T06:40:33.590544Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:14:34.272Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1550
Vulnerability from cvelistv5
Published
2021-05-22 06:40
Modified
2024-11-08 23:15
Severity ?
EPSS score ?
Summary
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:17.679Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1550", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:42:47.240856Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:15:11.378Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T06:40:18", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" }, "title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-19T16:00:00", "ID": "CVE-2021-1550", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Business Wireless Access Point Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.7", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ] }, "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1550", "datePublished": "2021-05-22T06:40:18.406810Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:15:11.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1400
Vulnerability from cvelistv5
Published
2021-05-06 12:42
Modified
2024-11-08 23:18
Severity ?
EPSS score ?
Summary
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF | vendor-advisory, x_refsource_CISCO | |
http://jvn.jp/en/jp/JVN71263107/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:17.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF" }, { "name": "JVN#71263107", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN71263107/index.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1400", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:17:25.333036Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:18:03.507Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-14T04:06:11", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF" }, { "name": "JVN#71263107", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN71263107/index.html" } ], "source": { "advisory": "cisco-sa-sb-wap-multi-ZAfKGXhF", "defect": [ [ "CSCvw52139", "CSCvw52146", "CSCvw59995", "CSCvw59997", "CSCvw59999", "CSCvw60000" ] ], "discovery": "INTERNAL" }, "title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-05T16:00:00", "ID": "CVE-2021-1400", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Business Wireless Access Point Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-269" } ] } ] }, "references": { "reference_data": [ { "name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF" }, { "name": "JVN#71263107", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN71263107/index.html" } ] }, "source": { "advisory": "cisco-sa-sb-wap-multi-ZAfKGXhF", "defect": [ [ "CSCvw52139", "CSCvw52146", "CSCvw59995", "CSCvw59997", "CSCvw59999", "CSCvw60000" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1400", "datePublished": "2021-05-06T12:42:39.308636Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:18:03.507Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20003
Vulnerability from cvelistv5
Published
2023-05-18 00:00
Modified
2024-10-25 15:58
Severity ?
EPSS score ?
Summary
Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.019Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20230517 Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20003", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-25T14:34:30.280035Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T15:58:19.897Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software ", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2023-05-17T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-288", "description": "CWE-288", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-18T00:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20230517 Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ" } ], "source": { "advisory": "cisco-sa-cbw-auth-bypass-ggnAfdZ", "defect": [ [ "CSCwd07949" ] ], "discovery": "INTERNAL" }, "title": "Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20003", "datePublished": "2023-05-18T00:00:00", "dateReserved": "2022-10-27T00:00:00", "dateUpdated": "2024-10-25T15:58:19.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1555
Vulnerability from cvelistv5
Published
2021-05-22 06:40
Modified
2024-11-08 21:20
Severity ?
EPSS score ?
Summary
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:18:10.340Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1555", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:42:22.172588Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T21:20:18.656Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T06:40:37", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" }, "title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-19T16:00:00", "ID": "CVE-2021-1555", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Business Wireless Access Point Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.7", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ] }, "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1555", "datePublished": "2021-05-22T06:40:37.495093Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T21:20:18.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1552
Vulnerability from cvelistv5
Published
2021-05-22 06:40
Modified
2024-11-08 23:14
Severity ?
EPSS score ?
Summary
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:18:10.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1552", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:42:42.636928Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:14:52.348Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T06:40:25", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ], "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" }, "title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-19T16:00:00", "ID": "CVE-2021-1552", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Business Wireless Access Point Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.7", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG" } ] }, "source": { "advisory": "cisco-sa-sb-wap-inject-Mp9FSdG", "defect": [ [ "CSCvx46599" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1552", "datePublished": "2021-05-22T06:40:25.929047Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:14:52.348Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20287
Vulnerability from cvelistv5
Published
2024-01-17 16:58
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit this vulnerability, the attacker must have valid administrative credentials for the device.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.357Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-sb-wap-inject-bHStWgXO", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-bHStWgXO" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "1.0.1.5" }, { "status": "affected", "version": "1.0.0.10" }, { "status": "affected", "version": "1.0.0.9" }, { "status": "affected", "version": "1.1.2.3" }, { "status": "affected", "version": "1.2.0.2" }, { "status": "affected", "version": "1.2.0.3" }, { "status": "affected", "version": "1.2.1.3" }, { "status": "affected", "version": "1.3.0.3" }, { "status": "affected", "version": "1.3.0.4" }, { "status": "affected", "version": "1.3.0.6" }, { "status": "affected", "version": "1.3.0.7" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit this vulnerability, the attacker must have valid administrative credentials for the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-88", "description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-02T15:42:45.536Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-sb-wap-inject-bHStWgXO", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-bHStWgXO" } ], "source": { "advisory": "cisco-sa-sb-wap-inject-bHStWgXO", "defects": [ "CSCwi22632" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20287", "datePublished": "2024-01-17T16:58:01.192Z", "dateReserved": "2023-11-08T15:08:07.626Z", "dateUpdated": "2024-08-01T21:59:41.357Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }