36 vulnerabilities found for Cisco Business Wireless Access Point Software by Cisco
CVE-2024-20271 (GCVE-0-2024-20271)
Vulnerability from cvelistv5 – Published: 2024-03-27 17:05 – Updated: 2024-08-01 21:52
Summary
A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets.
Severity
8.6 (High) – CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE
- CWE-20 - Improper Input Validation
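Assigner
cisco
References
- cisco-sa-ap-dos-h9TGGX6W: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W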
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| Cisco | Cisco Aironet Access Point Software | 8.2.100.0, 8.2.130.0, 8.2.111.0, 8.2.110.0, 8.2.121.0, 8.2.141.0, 8.2.151.0, 8.2.160.0, 8.2.161.0, 8.2.164.0, 8.2.166.0, 8.2.170.0, 8.2.163.0, 8.3.102.0, 8.3.111.0, 8.3.112.0, 8.3.121.0, 8.3.122.0, 8.3.130.0, 8.3.131.0, 8.3.132.0, 8.3.133.0, 8.3.140.0, 8.3.141.0, 8.3.143.0, 8.3.150.0, 8.3.108.0, 8.3.90.53, 8.3.104.46, 8.3.200.200, 8.3.104.64, 8.3.15.165, 8.3.90.11, 8.3.135.0, 8.3.104.14, 8.3.90.36, 8.3.15.142, 8.3.104.37, 8.3.15.117, 8.3.15.120, 8.3.15.25, 8.3.15.158, 8.3.15.118, 8.3.90.25, 8.3.15.169, 8.3.90.58, 8.4.100.0, 8.4.1.199, 8.4.1.91, 8.4.1.142, 8.4.1.175, 8.4.1.218, 8.4.1.92, 8.5.103.0, 8.5.105.0, 8.5.110.0, 8.5.120.0, 8.5.131.0, 8.5.140.0, 8.5.135.0, 8.5.151.0, 8.5.101.0, 8.5.102.0, 8.5.161.0, 8.5.160.0, 8.5.100.0, 8.5.171.0, 8.5.164.0, 8.5.182.0, 8.5.182.11 ME, 8.7.102.0, 8.7.106.0, 8.7.1.16, 8.8.100.0, 8.8.111.0, 8.8.120.0, 8.8.125.0, 8.8.130.0, 8.6.101.0, 8.6.1.84, 8.6.1.70, 8.6.1.71, 8.9.100.0, 8.9.111.0, 8.10.105.0, 8.10.111.0, 8.10.130.0, 8.10.112.0, 8.10.122.0, 8.10.113.0, 8.10.121.0, 8.10.141.0, 8.10.142.0, 8.10.151.0, 8.10.150.0, 8.10.171.0, 8.10.181.0, 8.10.182.0, 8.10.161.0, 8.10.170.0, 8.10.183.0, 8.10.162.0, 8.10.185.0 |

This table shows only the first product entry. The CNA container in the record below also marks Cisco Business Wireless Access Point Software and Cisco Aironet Access Point Software (IOS XE Controller) as affected; check the `versions` lists there before ruling a device out.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.111.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.112.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.113.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.121.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.122.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.130.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.141.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.142.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.150.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.151.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.161.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.162.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.170.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.171.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.181.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.182.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.183.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.185.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2\\(100.0\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.110.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.111.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.121.0:*:*:*:*:*:*:*",
"cpe:2.3:o:cisco:aironet_access_point_software:8.2\\(130.0\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.141.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.151.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.160.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.161.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.163.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.164.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.166.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.170.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.102.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.104.14:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.104.37:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.104.46:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.104.64:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.108.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.111.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.112.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.121.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.122.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.130.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.131.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.132.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.133.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.135.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.140.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.141.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.143.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.150.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.117:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.118:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.120:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.142:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.158:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.165:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.169:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.25:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.200.200:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.11:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.25:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.36:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.53:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.58:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.4.100.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.142:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.175:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.199:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.218:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.91:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.92:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.100.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.101.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.102.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.103.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.105.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.110.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.120.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.131.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.135.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.140.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.151.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.160.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.161.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.164.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.171.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.182.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.6.101.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.6.1.70:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.6.1.71:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.6.1.84:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.7.102.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.7.106.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.7.1.16:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.8.100.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.8.111.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.8.120.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.8.125.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.8.130.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.9.100.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.9.111.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aironet_access_point_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "8.10.111.0"
},
{
"status": "affected",
"version": "8.10.112.0"
},
{
"status": "affected",
"version": "8.10.113.0"
},
{
"status": "affected",
"version": "8.10.121.0"
},
{
"status": "affected",
"version": "8.10.122.0"
},
{
"status": "affected",
"version": "8.10.130.0"
},
{
"status": "affected",
"version": "8.10.141.0"
},
{
"status": "affected",
"version": "8.10.142.0"
},
{
"status": "affected",
"version": "8.10.150.0"
},
{
"status": "affected",
"version": "8.10.151.0"
},
{
"status": "affected",
"version": "8.10.161.0"
},
{
"status": "affected",
"version": "8.10.162.0"
},
{
"status": "affected",
"version": "8.10.170.0"
},
{
"status": "affected",
"version": "8.10.171.0"
},
{
"status": "affected",
"version": "8.10.181.0"
},
{
"status": "affected",
"version": "8.10.182.0"
},
{
"status": "affected",
"version": "8.10.183.0"
},
{
"status": "affected",
"version": "8.10.185.0"
},
{
"status": "affected",
"version": "8.2\\(100.0\\)"
},
{
"status": "affected",
"version": "8.2.110.0"
},
{
"status": "affected",
"version": "8.2.111.0"
},
{
"status": "affected",
"version": "8.2.121.0"
},
{
"status": "affected",
"version": "8.2\\(130.0\\)"
},
{
"status": "affected",
"version": "8.2.141.0"
},
{
"status": "affected",
"version": "8.2.151.0"
},
{
"status": "affected",
"version": "8.2.160.0"
},
{
"status": "affected",
"version": "8.2.161.0"
},
{
"status": "affected",
"version": "8.2.163.0"
},
{
"status": "affected",
"version": "8.2.164.0"
},
{
"status": "affected",
"version": "8.2.166.0"
},
{
"status": "affected",
"version": "8.2.170.0"
},
{
"status": "affected",
"version": "8.3.102.0"
},
{
"status": "affected",
"version": "8.3.104.14"
},
{
"status": "affected",
"version": "8.3.104.37"
},
{
"status": "affected",
"version": "8.3.104.46"
},
{
"status": "affected",
"version": "8.3.104.64"
},
{
"status": "affected",
"version": "8.3.108.0"
},
{
"status": "affected",
"version": "8.3.111.0"
},
{
"status": "affected",
"version": "8.3.112.0"
},
{
"status": "affected",
"version": "8.3.121.0"
},
{
"status": "affected",
"version": "8.3.122.0"
},
{
"status": "affected",
"version": "8.3.130.0"
},
{
"status": "affected",
"version": "8.3.131.0"
},
{
"status": "affected",
"version": "8.3.132.0"
},
{
"status": "affected",
"version": "8.3.133.0"
},
{
"status": "affected",
"version": "8.3.135.0"
},
{
"status": "affected",
"version": "8.3.140.0"
},
{
"status": "affected",
"version": "8.3.141.0"
},
{
"status": "affected",
"version": "8.3.143.0"
},
{
"status": "affected",
"version": "8.3.150.0"
},
{
"status": "affected",
"version": "8.3.15.117"
},
{
"status": "affected",
"version": "8.3.15.118"
},
{
"status": "affected",
"version": "8.3.15.120"
},
{
"status": "affected",
"version": "8.3.15.142"
},
{
"status": "affected",
"version": "8.3.15.158"
},
{
"status": "affected",
"version": "8.3.15.165"
},
{
"status": "affected",
"version": "8.3.15.169"
},
{
"status": "affected",
"version": "8.3.15.25"
},
{
"status": "affected",
"version": "8.3.200.200"
},
{
"status": "affected",
"version": "8.3.90.11"
},
{
"status": "affected",
"version": "8.3.90.25"
},
{
"status": "affected",
"version": "8.3.90.36"
},
{
"status": "affected",
"version": "8.3.90.53"
},
{
"status": "affected",
"version": "8.3.90.58"
},
{
"status": "affected",
"version": "8.4.100.0"
},
{
"status": "affected",
"version": "8.4.1.142"
},
{
"status": "affected",
"version": "8.4.1.175"
},
{
"status": "affected",
"version": "8.4.1.199"
},
{
"status": "affected",
"version": "8.4.1.218"
},
{
"status": "affected",
"version": "8.4.1.91"
},
{
"status": "affected",
"version": "8.4.1.92"
},
{
"status": "affected",
"version": "8.5.100.0"
},
{
"status": "affected",
"version": "8.5.101.0"
},
{
"status": "affected",
"version": "8.5.102.0"
},
{
"status": "affected",
"version": "8.5.103.0"
},
{
"status": "affected",
"version": "8.5.105.0"
},
{
"status": "affected",
"version": "8.5.110.0"
},
{
"status": "affected",
"version": "8.5.120.0"
},
{
"status": "affected",
"version": "8.5.131.0"
},
{
"status": "affected",
"version": "8.5.135.0"
},
{
"status": "affected",
"version": "8.5.140.0"
},
{
"status": "affected",
"version": "8.5.151.0"
},
{
"status": "affected",
"version": "8.5.160.0"
},
{
"status": "affected",
"version": "8.5.161.0"
},
{
"status": "affected",
"version": "8.5.164.0"
},
{
"status": "affected",
"version": "8.5.171.0"
},
{
"status": "affected",
"version": "8.5.182.0"
},
{
"status": "affected",
"version": "8.6.101.0"
},
{
"status": "affected",
"version": "8.6.1.70"
},
{
"status": "affected",
"version": "8.6.1.71"
},
{
"status": "affected",
"version": "8.6.1.84"
},
{
"status": "affected",
"version": "8.7.102.0"
},
{
"status": "affected",
"version": "8.7.106.0"
},
{
"status": "affected",
"version": "8.7.1.16"
},
{
"status": "affected",
"version": "8.8.100.0"
},
{
"status": "affected",
"version": "8.8.111.0"
},
{
"status": "affected",
"version": "8.8.120.0"
},
{
"status": "affected",
"version": "8.8.125.0"
},
{
"status": "affected",
"version": "8.8.130.0"
},
{
"status": "affected",
"version": "8.9.100.0"
},
{
"status": "affected",
"version": "8.9.111.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T16:39:13.630340Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T13:07:00.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:38.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ap-dos-h9TGGX6W",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Aironet Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "8.2.100.0"
},
{
"status": "affected",
"version": "8.2.130.0"
},
{
"status": "affected",
"version": "8.2.111.0"
},
{
"status": "affected",
"version": "8.2.110.0"
},
{
"status": "affected",
"version": "8.2.121.0"
},
{
"status": "affected",
"version": "8.2.141.0"
},
{
"status": "affected",
"version": "8.2.151.0"
},
{
"status": "affected",
"version": "8.2.160.0"
},
{
"status": "affected",
"version": "8.2.161.0"
},
{
"status": "affected",
"version": "8.2.164.0"
},
{
"status": "affected",
"version": "8.2.166.0"
},
{
"status": "affected",
"version": "8.2.170.0"
},
{
"status": "affected",
"version": "8.2.163.0"
},
{
"status": "affected",
"version": "8.3.102.0"
},
{
"status": "affected",
"version": "8.3.111.0"
},
{
"status": "affected",
"version": "8.3.112.0"
},
{
"status": "affected",
"version": "8.3.121.0"
},
{
"status": "affected",
"version": "8.3.122.0"
},
{
"status": "affected",
"version": "8.3.130.0"
},
{
"status": "affected",
"version": "8.3.131.0"
},
{
"status": "affected",
"version": "8.3.132.0"
},
{
"status": "affected",
"version": "8.3.133.0"
},
{
"status": "affected",
"version": "8.3.140.0"
},
{
"status": "affected",
"version": "8.3.141.0"
},
{
"status": "affected",
"version": "8.3.143.0"
},
{
"status": "affected",
"version": "8.3.150.0"
},
{
"status": "affected",
"version": "8.3.108.0"
},
{
"status": "affected",
"version": "8.3.90.53"
},
{
"status": "affected",
"version": "8.3.104.46"
},
{
"status": "affected",
"version": "8.3.200.200"
},
{
"status": "affected",
"version": "8.3.104.64"
},
{
"status": "affected",
"version": "8.3.15.165"
},
{
"status": "affected",
"version": "8.3.90.11"
},
{
"status": "affected",
"version": "8.3.135.0"
},
{
"status": "affected",
"version": "8.3.104.14"
},
{
"status": "affected",
"version": "8.3.90.36"
},
{
"status": "affected",
"version": "8.3.15.142"
},
{
"status": "affected",
"version": "8.3.104.37"
},
{
"status": "affected",
"version": "8.3.15.117"
},
{
"status": "affected",
"version": "8.3.15.120"
},
{
"status": "affected",
"version": "8.3.15.25"
},
{
"status": "affected",
"version": "8.3.15.158"
},
{
"status": "affected",
"version": "8.3.15.118"
},
{
"status": "affected",
"version": "8.3.90.25"
},
{
"status": "affected",
"version": "8.3.15.169"
},
{
"status": "affected",
"version": "8.3.90.58"
},
{
"status": "affected",
"version": "8.4.100.0"
},
{
"status": "affected",
"version": "8.4.1.199"
},
{
"status": "affected",
"version": "8.4.1.91"
},
{
"status": "affected",
"version": "8.4.1.142"
},
{
"status": "affected",
"version": "8.4.1.175"
},
{
"status": "affected",
"version": "8.4.1.218"
},
{
"status": "affected",
"version": "8.4.1.92"
},
{
"status": "affected",
"version": "8.5.103.0"
},
{
"status": "affected",
"version": "8.5.105.0"
},
{
"status": "affected",
"version": "8.5.110.0"
},
{
"status": "affected",
"version": "8.5.120.0"
},
{
"status": "affected",
"version": "8.5.131.0"
},
{
"status": "affected",
"version": "8.5.140.0"
},
{
"status": "affected",
"version": "8.5.135.0"
},
{
"status": "affected",
"version": "8.5.151.0"
},
{
"status": "affected",
"version": "8.5.101.0"
},
{
"status": "affected",
"version": "8.5.102.0"
},
{
"status": "affected",
"version": "8.5.161.0"
},
{
"status": "affected",
"version": "8.5.160.0"
},
{
"status": "affected",
"version": "8.5.100.0"
},
{
"status": "affected",
"version": "8.5.171.0"
},
{
"status": "affected",
"version": "8.5.164.0"
},
{
"status": "affected",
"version": "8.5.182.0"
},
{
"status": "affected",
"version": "8.5.182.11 ME"
},
{
"status": "affected",
"version": "8.7.102.0"
},
{
"status": "affected",
"version": "8.7.106.0"
},
{
"status": "affected",
"version": "8.7.1.16"
},
{
"status": "affected",
"version": "8.8.100.0"
},
{
"status": "affected",
"version": "8.8.111.0"
},
{
"status": "affected",
"version": "8.8.120.0"
},
{
"status": "affected",
"version": "8.8.125.0"
},
{
"status": "affected",
"version": "8.8.130.0"
},
{
"status": "affected",
"version": "8.6.101.0"
},
{
"status": "affected",
"version": "8.6.1.84"
},
{
"status": "affected",
"version": "8.6.1.70"
},
{
"status": "affected",
"version": "8.6.1.71"
},
{
"status": "affected",
"version": "8.9.100.0"
},
{
"status": "affected",
"version": "8.9.111.0"
},
{
"status": "affected",
"version": "8.10.105.0"
},
{
"status": "affected",
"version": "8.10.111.0"
},
{
"status": "affected",
"version": "8.10.130.0"
},
{
"status": "affected",
"version": "8.10.112.0"
},
{
"status": "affected",
"version": "8.10.122.0"
},
{
"status": "affected",
"version": "8.10.113.0"
},
{
"status": "affected",
"version": "8.10.121.0"
},
{
"status": "affected",
"version": "8.10.141.0"
},
{
"status": "affected",
"version": "8.10.142.0"
},
{
"status": "affected",
"version": "8.10.151.0"
},
{
"status": "affected",
"version": "8.10.150.0"
},
{
"status": "affected",
"version": "8.10.171.0"
},
{
"status": "affected",
"version": "8.10.181.0"
},
{
"status": "affected",
"version": "8.10.182.0"
},
{
"status": "affected",
"version": "8.10.161.0"
},
{
"status": "affected",
"version": "8.10.170.0"
},
{
"status": "affected",
"version": "8.10.183.0"
},
{
"status": "affected",
"version": "8.10.162.0"
},
{
"status": "affected",
"version": "8.10.185.0"
}
]
},
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.0.1.0"
},
{
"status": "affected",
"version": "10.0.2.0"
},
{
"status": "affected",
"version": "10.1.1.0"
},
{
"status": "affected",
"version": "10.1.2.0"
},
{
"status": "affected",
"version": "10.2.1.0"
},
{
"status": "affected",
"version": "10.2.2.0"
},
{
"status": "affected",
"version": "10.3.1.0"
},
{
"status": "affected",
"version": "10.3.1.1"
},
{
"status": "affected",
"version": "10.3.2.0"
},
{
"status": "affected",
"version": "1.0.0.13"
},
{
"status": "affected",
"version": "1.0.0.16"
},
{
"status": "affected",
"version": "1.0.0.3"
},
{
"status": "affected",
"version": "1.0.0.39"
},
{
"status": "affected",
"version": "1.0.0.4"
},
{
"status": "affected",
"version": "1.0.0.5"
},
{
"status": "affected",
"version": "1.0.0.7"
},
{
"status": "affected",
"version": "1.0.1.2"
},
{
"status": "affected",
"version": "1.0.1.3"
},
{
"status": "affected",
"version": "1.0.1.4"
},
{
"status": "affected",
"version": "1.0.1.5"
},
{
"status": "affected",
"version": "1.0.1.6"
},
{
"status": "affected",
"version": "1.0.1.7"
},
{
"status": "affected",
"version": "1.0.2.0"
},
{
"status": "affected",
"version": "1.0.2.13"
},
{
"status": "affected",
"version": "1.0.2.14"
},
{
"status": "affected",
"version": "1.0.2.15"
},
{
"status": "affected",
"version": "1.0.2.16"
},
{
"status": "affected",
"version": "1.0.2.17"
},
{
"status": "affected",
"version": "1.0.2.2"
},
{
"status": "affected",
"version": "1.0.2.8"
},
{
"status": "affected",
"version": "1.0.3.1"
},
{
"status": "affected",
"version": "1.0.4.4"
},
{
"status": "affected",
"version": "1.0.4.3"
},
{
"status": "affected",
"version": "1.0.6.6"
},
{
"status": "affected",
"version": "1.0.3.4"
},
{
"status": "affected",
"version": "1.0.6.8"
},
{
"status": "affected",
"version": "1.0.6.2"
},
{
"status": "affected",
"version": "1.0.2.3"
},
{
"status": "affected",
"version": "1.0.5.3"
},
{
"status": "affected",
"version": "1.0.1.10"
},
{
"status": "affected",
"version": "1.0.4.2"
},
{
"status": "affected",
"version": "1.0.6.5"
},
{
"status": "affected",
"version": "1.0.6.7"
},
{
"status": "affected",
"version": "1.0.5.0"
},
{
"status": "affected",
"version": "1.0.0.10"
},
{
"status": "affected",
"version": "1.0.0.12"
},
{
"status": "affected",
"version": "1.0.0.14"
},
{
"status": "affected",
"version": "1.0.0.15"
},
{
"status": "affected",
"version": "1.0.0.17"
},
{
"status": "affected",
"version": "1.0.0.9"
},
{
"status": "affected",
"version": "1.0.1.11"
},
{
"status": "affected",
"version": "1.0.1.12"
},
{
"status": "affected",
"version": "1.0.1.9"
},
{
"status": "affected",
"version": "1.0.2.6"
},
{
"status": "affected",
"version": "1.1.0.5"
},
{
"status": "affected",
"version": "1.1.0.7"
},
{
"status": "affected",
"version": "1.1.0.9"
},
{
"status": "affected",
"version": "1.1.1.0"
},
{
"status": "affected",
"version": "1.1.2.4"
},
{
"status": "affected",
"version": "1.1.4.6"
},
{
"status": "affected",
"version": "1.1.3.2"
},
{
"status": "affected",
"version": "1.1.4.0"
},
{
"status": "affected",
"version": "1.1.0.3"
},
{
"status": "affected",
"version": "1.1.0.4"
},
{
"status": "affected",
"version": "1.1.0.6"
},
{
"status": "affected",
"version": "1.1.2.3"
},
{
"status": "affected",
"version": "10.4.1.0"
},
{
"status": "affected",
"version": "10.4.2.0"
},
{
"status": "affected",
"version": "10.6.1.0"
},
{
"status": "affected",
"version": "10.7.1.0"
},
{
"status": "affected",
"version": "10.8.1.0"
},
{
"status": "affected",
"version": "1.2.0.2"
},
{
"status": "affected",
"version": "1.2.0.3"
},
{
"status": "affected",
"version": "1.2.1.3"
},
{
"status": "affected",
"version": "1.3.0.3"
},
{
"status": "affected",
"version": "1.3.0.4"
},
{
"status": "affected",
"version": "1.3.0.6"
},
{
"status": "affected",
"version": "1.3.0.7"
},
{
"status": "affected",
"version": "10.5.2.0"
}
]
},
{
"product": "Cisco Aironet Access Point Software (IOS XE Controller)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "16.10.1e"
},
{
"status": "affected",
"version": "16.10.1"
},
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.11.1c"
},
{
"status": "affected",
"version": "16.11.1b"
},
{
"status": "affected",
"version": "16.12.1s"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "16.12.2s"
},
{
"status": "affected",
"version": "16.12.1t"
},
{
"status": "affected",
"version": "16.12.4a"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "16.12.8"
},
{
"status": "affected",
"version": "16.12.7"
},
{
"status": "affected",
"version": "16.12.6a"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1a"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.9.4a"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.11.1"
},
{
"status": "affected",
"version": "17.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T17:05:27.473Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ap-dos-h9TGGX6W",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W"
}
],
"source": {
"advisory": "cisco-sa-ap-dos-h9TGGX6W",
"defects": [
"CSCwh00028"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20271",
"datePublished": "2024-03-27T17:05:27.473Z",
"dateReserved": "2023-11-08T15:08:07.624Z",
"dateUpdated": "2024-08-01T21:52:38.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20265 (GCVE-0-2024-20265)
Vulnerability from cvelistv5 – Published: 2024-03-27 17:03 – Updated: 2024-08-01 21:52
Summary
A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device.
This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.
Severity
5.9 (Medium)
CWE
- CWE-501 - Trust Boundary Violation
Assigner
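References
- cisco-sa-ap-secureboot-bypass-zT5vJkSD: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD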
Impacted products
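| Vendor | Product | Affected versions |
|---|---|---|
| Cisco | Cisco IOS XE Software | N/A |

This table gives no version for the product ("N/A"). The CISA ADP container in the record below lists affected ranges instead: aironet_access_point_software 8.2.100.0 through 8.10.185.0 and 16.10.1 through 17.11.1, and business_wireless_access_point_software 10.0.1.0 through 10.8.1.0. Use those ranges when matching this CVE against an inventory.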
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.100.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aironet_access_point_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "8.10.185.0",
"status": "affected",
"version": "8.2.100.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:business_wireless_access_point_software:10.0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_wireless_access_point_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "10.8.1.0",
"status": "affected",
"version": "10.0.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:aironet_access_point_software:16.10.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aironet_access_point_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "17.11.1",
"status": "affected",
"version": "16.10.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-27T19:46:28.390425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:33:37.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ap-secureboot-bypass-zT5vJkSD",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Aironet Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "8.2.100.0"
},
{
"status": "affected",
"version": "8.2.130.0"
},
{
"status": "affected",
"version": "8.2.111.0"
},
{
"status": "affected",
"version": "8.2.110.0"
},
{
"status": "affected",
"version": "8.2.121.0"
},
{
"status": "affected",
"version": "8.2.141.0"
},
{
"status": "affected",
"version": "8.2.151.0"
},
{
"status": "affected",
"version": "8.2.160.0"
},
{
"status": "affected",
"version": "8.2.161.0"
},
{
"status": "affected",
"version": "8.2.164.0"
},
{
"status": "affected",
"version": "8.2.166.0"
},
{
"status": "affected",
"version": "8.2.170.0"
},
{
"status": "affected",
"version": "8.2.163.0"
},
{
"status": "affected",
"version": "8.3.102.0"
},
{
"status": "affected",
"version": "8.3.111.0"
},
{
"status": "affected",
"version": "8.3.112.0"
},
{
"status": "affected",
"version": "8.3.121.0"
},
{
"status": "affected",
"version": "8.3.122.0"
},
{
"status": "affected",
"version": "8.3.130.0"
},
{
"status": "affected",
"version": "8.3.131.0"
},
{
"status": "affected",
"version": "8.3.132.0"
},
{
"status": "affected",
"version": "8.3.133.0"
},
{
"status": "affected",
"version": "8.3.140.0"
},
{
"status": "affected",
"version": "8.3.141.0"
},
{
"status": "affected",
"version": "8.3.143.0"
},
{
"status": "affected",
"version": "8.3.150.0"
},
{
"status": "affected",
"version": "8.3.108.0"
},
{
"status": "affected",
"version": "8.3.90.53"
},
{
"status": "affected",
"version": "8.3.104.46"
},
{
"status": "affected",
"version": "8.3.200.200"
},
{
"status": "affected",
"version": "8.3.104.64"
},
{
"status": "affected",
"version": "8.3.15.165"
},
{
"status": "affected",
"version": "8.3.90.11"
},
{
"status": "affected",
"version": "8.3.135.0"
},
{
"status": "affected",
"version": "8.3.104.14"
},
{
"status": "affected",
"version": "8.3.90.36"
},
{
"status": "affected",
"version": "8.3.15.142"
},
{
"status": "affected",
"version": "8.3.104.37"
},
{
"status": "affected",
"version": "8.3.15.117"
},
{
"status": "affected",
"version": "8.3.15.120"
},
{
"status": "affected",
"version": "8.3.15.25"
},
{
"status": "affected",
"version": "8.3.15.158"
},
{
"status": "affected",
"version": "8.3.15.118"
},
{
"status": "affected",
"version": "8.3.90.25"
},
{
"status": "affected",
"version": "8.3.15.169"
},
{
"status": "affected",
"version": "8.3.90.58"
},
{
"status": "affected",
"version": "8.4.100.0"
},
{
"status": "affected",
"version": "8.4.1.199"
},
{
"status": "affected",
"version": "8.4.1.91"
},
{
"status": "affected",
"version": "8.4.1.142"
},
{
"status": "affected",
"version": "8.4.1.175"
},
{
"status": "affected",
"version": "8.4.1.218"
},
{
"status": "affected",
"version": "8.4.1.92"
},
{
"status": "affected",
"version": "8.5.103.0"
},
{
"status": "affected",
"version": "8.5.105.0"
},
{
"status": "affected",
"version": "8.5.110.0"
},
{
"status": "affected",
"version": "8.5.120.0"
},
{
"status": "affected",
"version": "8.5.131.0"
},
{
"status": "affected",
"version": "8.5.140.0"
},
{
"status": "affected",
"version": "8.5.135.0"
},
{
"status": "affected",
"version": "8.5.151.0"
},
{
"status": "affected",
"version": "8.5.101.0"
},
{
"status": "affected",
"version": "8.5.102.0"
},
{
"status": "affected",
"version": "8.5.161.0"
},
{
"status": "affected",
"version": "8.5.160.0"
},
{
"status": "affected",
"version": "8.5.100.0"
},
{
"status": "affected",
"version": "8.5.171.0"
},
{
"status": "affected",
"version": "8.5.164.0"
},
{
"status": "affected",
"version": "8.5.182.0"
},
{
"status": "affected",
"version": "8.5.182.11 ME"
},
{
"status": "affected",
"version": "8.7.102.0"
},
{
"status": "affected",
"version": "8.7.106.0"
},
{
"status": "affected",
"version": "8.7.1.16"
},
{
"status": "affected",
"version": "8.8.100.0"
},
{
"status": "affected",
"version": "8.8.111.0"
},
{
"status": "affected",
"version": "8.8.120.0"
},
{
"status": "affected",
"version": "8.8.125.0"
},
{
"status": "affected",
"version": "8.8.130.0"
},
{
"status": "affected",
"version": "8.6.101.0"
},
{
"status": "affected",
"version": "8.6.1.84"
},
{
"status": "affected",
"version": "8.6.1.70"
},
{
"status": "affected",
"version": "8.6.1.71"
},
{
"status": "affected",
"version": "8.9.100.0"
},
{
"status": "affected",
"version": "8.9.111.0"
},
{
"status": "affected",
"version": "8.10.105.0"
},
{
"status": "affected",
"version": "8.10.111.0"
},
{
"status": "affected",
"version": "8.10.130.0"
},
{
"status": "affected",
"version": "8.10.112.0"
},
{
"status": "affected",
"version": "8.10.122.0"
},
{
"status": "affected",
"version": "8.10.113.0"
},
{
"status": "affected",
"version": "8.10.121.0"
},
{
"status": "affected",
"version": "8.10.141.0"
},
{
"status": "affected",
"version": "8.10.142.0"
},
{
"status": "affected",
"version": "8.10.151.0"
},
{
"status": "affected",
"version": "8.10.150.0"
},
{
"status": "affected",
"version": "8.10.171.0"
},
{
"status": "affected",
"version": "8.10.181.0"
},
{
"status": "affected",
"version": "8.10.182.0"
},
{
"status": "affected",
"version": "8.10.161.0"
},
{
"status": "affected",
"version": "8.10.170.0"
},
{
"status": "affected",
"version": "8.10.183.0"
},
{
"status": "affected",
"version": "8.10.162.0"
},
{
"status": "affected",
"version": "8.10.185.0"
}
]
},
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.0.1.0"
},
{
"status": "affected",
"version": "10.0.2.0"
},
{
"status": "affected",
"version": "10.1.1.0"
},
{
"status": "affected",
"version": "10.1.2.0"
},
{
"status": "affected",
"version": "10.2.1.0"
},
{
"status": "affected",
"version": "10.2.2.0"
},
{
"status": "affected",
"version": "10.3.1.0"
},
{
"status": "affected",
"version": "10.3.1.1"
},
{
"status": "affected",
"version": "10.3.2.0"
},
{
"status": "affected",
"version": "10.4.1.0"
},
{
"status": "affected",
"version": "10.4.2.0"
},
{
"status": "affected",
"version": "10.6.1.0"
},
{
"status": "affected",
"version": "10.6.2.0"
},
{
"status": "affected",
"version": "10.7.1.0"
},
{
"status": "affected",
"version": "10.8.1.0"
},
{
"status": "affected",
"version": "10.5.2.0"
}
]
},
{
"product": "Cisco Aironet Access Point Software (IOS XE Controller)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "16.10.1e"
},
{
"status": "affected",
"version": "16.10.1"
},
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.11.1c"
},
{
"status": "affected",
"version": "16.11.1b"
},
{
"status": "affected",
"version": "16.12.1s"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "16.12.2s"
},
{
"status": "affected",
"version": "16.12.1t"
},
{
"status": "affected",
"version": "16.12.4a"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "16.12.8"
},
{
"status": "affected",
"version": "16.12.7"
},
{
"status": "affected",
"version": "16.12.6a"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1a"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.6.6a"
},
{
"status": "affected",
"version": "17.6.5a"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device.\r\n\r This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-501",
"description": "Trust Boundary Violation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T17:03:54.505Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ap-secureboot-bypass-zT5vJkSD",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD"
}
],
"source": {
"advisory": "cisco-sa-ap-secureboot-bypass-zT5vJkSD",
"defects": [
"CSCwf62026"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20265",
"datePublished": "2024-03-27T17:03:54.505Z",
"dateReserved": "2023-11-08T15:08:07.624Z",
"dateUpdated": "2024-08-01T21:52:31.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20336 (GCVE-0-2024-20336)
Vulnerability from cvelistv5 – Published: 2024-03-06 16:31 – Updated: 2024-08-01 21:59
Summary
A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
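Severity
6.5 (Medium), CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
The vector sets availability impact to None, although the summary describes arbitrary code execution as root and the CISA SSVC entry in the record below rates technical impact as total; take both into account when prioritising remediation.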
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: 1.0.0.3, 1.0.0.4, 1.0.0.5, 1.0.0.7, 1.0.1.3, 1.0.1.5, 1.0.1.7, 1.0.2.0, 1.0.3.1, 1.0.4.4, 1.0.4.3, 1.0.5.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_access_points",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.0.0.3"
},
{
"status": "affected",
"version": "1.0.0.4"
},
{
"status": "affected",
"version": "1.0.0.5"
},
{
"status": "affected",
"version": "1.0.0.7"
},
{
"status": "affected",
"version": "1.0.1.3"
},
{
"status": "affected",
"version": "1.0.1.5"
},
{
"status": "affected",
"version": "1.0.1.7"
},
{
"status": "affected",
"version": "1.0.2.0"
},
{
"status": "affected",
"version": "1.0.3.1"
},
{
"status": "affected",
"version": "1.0.4.3"
},
{
"status": "affected",
"version": "1.0.4.4"
},
{
"status": "affected",
"version": "1.0.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T05:00:32.901343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T15:37:49.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-sb-wap-multi-85G83CRB",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.0.3"
},
{
"status": "affected",
"version": "1.0.0.4"
},
{
"status": "affected",
"version": "1.0.0.5"
},
{
"status": "affected",
"version": "1.0.0.7"
},
{
"status": "affected",
"version": "1.0.1.3"
},
{
"status": "affected",
"version": "1.0.1.5"
},
{
"status": "affected",
"version": "1.0.1.7"
},
{
"status": "affected",
"version": "1.0.2.0"
},
{
"status": "affected",
"version": "1.0.3.1"
},
{
"status": "affected",
"version": "1.0.4.4"
},
{
"status": "affected",
"version": "1.0.4.3"
},
{
"status": "affected",
"version": "1.0.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T17:07:15.946Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sb-wap-multi-85G83CRB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-multi-85G83CRB",
"defects": [
"CSCwi83951",
"CSCwi83952",
"CSCwi83953",
"CSCwi83957"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20336",
"datePublished": "2024-03-06T16:31:10.729Z",
"dateReserved": "2023-11-08T15:08:07.642Z",
"dateUpdated": "2024-08-01T21:59:41.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20335 (GCVE-0-2024-20335)
Vulnerability from cvelistv5 – Published: 2024-03-06 16:30 – Updated: 2024-08-01 21:59
Summary
A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
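Severity
6.5 (Medium), CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
The vector sets availability impact to None, although the summary describes arbitrary code execution as root and the CISA SSVC entry in the record below rates technical impact as total; take both into account when prioritising remediation.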
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: 1.0.0.13, 1.0.0.16, 1.0.0.3, 1.0.0.4, 1.0.0.5, 1.0.0.7, 1.0.1.2, 1.0.1.3, 1.0.1.5, 1.0.1.6, 1.0.1.7, 1.0.2.0, 1.0.3.1, 1.0.4.4, 1.0.4.3, 1.0.1.10, 1.0.5.0, 1.0.0.10, 1.0.0.12, 1.0.0.14, 1.0.0.15, 1.0.0.17, 1.0.0.9, 1.0.1.11, 1.0.1.12, 1.0.1.9, 1.0.2.6, 1.1.0.5, 1.1.0.7, 1.1.0.9, 1.1.1.0, 1.1.2.4, 1.1.4.6, 1.1.3.2, 1.1.4.0, 1.1.0.3, 1.1.0.4, 1.1.0.6, 1.1.2.3, 1.2.0.2, 1.2.0.3, 1.2.1.3, 1.3.0.3, 1.3.0.4, 1.3.0.6, 1.3.0.7 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.15:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.16:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.17:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.10:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.11:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.12:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_wireless_access_point_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.0.0.10"
},
{
"status": "affected",
"version": "1.0.0.12"
},
{
"status": "affected",
"version": "1.0.0.13"
},
{
"status": "affected",
"version": "1.0.0.14"
},
{
"status": "affected",
"version": "1.0.0.15"
},
{
"status": "affected",
"version": "1.0.0.16"
},
{
"status": "affected",
"version": "1.0.0.17"
},
{
"status": "affected",
"version": "1.0.0.3"
},
{
"status": "affected",
"version": "1.0.0.4"
},
{
"status": "affected",
"version": "1.0.0.5"
},
{
"status": "affected",
"version": "1.0.0.7"
},
{
"status": "affected",
"version": "1.0.0.9"
},
{
"status": "affected",
"version": "1.0.1.10"
},
{
"status": "affected",
"version": "1.0.1.11"
},
{
"status": "affected",
"version": "1.0.1.12"
},
{
"status": "affected",
"version": "1.0.1.2"
},
{
"status": "affected",
"version": "1.0.1.3"
},
{
"status": "affected",
"version": "1.0.1.5"
},
{
"status": "affected",
"version": "1.0.1.6"
},
{
"status": "affected",
"version": "1.0.1.7"
},
{
"status": "affected",
"version": "1.0.1.9"
},
{
"status": "affected",
"version": "1.0.2.0"
},
{
"status": "affected",
"version": "1.0.2.6"
},
{
"status": "affected",
"version": "1.0.3.1"
},
{
"status": "affected",
"version": "1.0.4.3"
},
{
"status": "affected",
"version": "1.0.4.4"
},
{
"status": "affected",
"version": "1.0.5.0"
},
{
"status": "affected",
"version": "1.1.0.3"
},
{
"status": "affected",
"version": "1.1.0.4"
},
{
"status": "affected",
"version": "1.1.0.5"
},
{
"status": "affected",
"version": "1.1.0.6"
},
{
"status": "affected",
"version": "1.1.0.7"
},
{
"status": "affected",
"version": "1.1.0.9"
},
{
"status": "affected",
"version": "1.1.1.0"
},
{
"status": "affected",
"version": "1.1.2.3"
},
{
"status": "affected",
"version": "1.1.2.4"
},
{
"status": "affected",
"version": "1.1.3.2"
},
{
"status": "affected",
"version": "1.1.4.0"
},
{
"status": "affected",
"version": "1.1.4.6"
},
{
"status": "affected",
"version": "1.2.0.2"
},
{
"status": "affected",
"version": "1.2.0.3"
},
{
"status": "affected",
"version": "1.2.1.3"
},
{
"status": "affected",
"version": "1.3.0.3"
},
{
"status": "affected",
"version": "1.3.0.4"
},
{
"status": "affected",
"version": "1.3.0.6"
},
{
"status": "affected",
"version": "1.3.0.7"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T14:42:02.782698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T15:07:27.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-sb-wap-multi-85G83CRB",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.0.13"
},
{
"status": "affected",
"version": "1.0.0.16"
},
{
"status": "affected",
"version": "1.0.0.3"
},
{
"status": "affected",
"version": "1.0.0.4"
},
{
"status": "affected",
"version": "1.0.0.5"
},
{
"status": "affected",
"version": "1.0.0.7"
},
{
"status": "affected",
"version": "1.0.1.2"
},
{
"status": "affected",
"version": "1.0.1.3"
},
{
"status": "affected",
"version": "1.0.1.5"
},
{
"status": "affected",
"version": "1.0.1.6"
},
{
"status": "affected",
"version": "1.0.1.7"
},
{
"status": "affected",
"version": "1.0.2.0"
},
{
"status": "affected",
"version": "1.0.3.1"
},
{
"status": "affected",
"version": "1.0.4.4"
},
{
"status": "affected",
"version": "1.0.4.3"
},
{
"status": "affected",
"version": "1.0.1.10"
},
{
"status": "affected",
"version": "1.0.5.0"
},
{
"status": "affected",
"version": "1.0.0.10"
},
{
"status": "affected",
"version": "1.0.0.12"
},
{
"status": "affected",
"version": "1.0.0.14"
},
{
"status": "affected",
"version": "1.0.0.15"
},
{
"status": "affected",
"version": "1.0.0.17"
},
{
"status": "affected",
"version": "1.0.0.9"
},
{
"status": "affected",
"version": "1.0.1.11"
},
{
"status": "affected",
"version": "1.0.1.12"
},
{
"status": "affected",
"version": "1.0.1.9"
},
{
"status": "affected",
"version": "1.0.2.6"
},
{
"status": "affected",
"version": "1.1.0.5"
},
{
"status": "affected",
"version": "1.1.0.7"
},
{
"status": "affected",
"version": "1.1.0.9"
},
{
"status": "affected",
"version": "1.1.1.0"
},
{
"status": "affected",
"version": "1.1.2.4"
},
{
"status": "affected",
"version": "1.1.4.6"
},
{
"status": "affected",
"version": "1.1.3.2"
},
{
"status": "affected",
"version": "1.1.4.0"
},
{
"status": "affected",
"version": "1.1.0.3"
},
{
"status": "affected",
"version": "1.1.0.4"
},
{
"status": "affected",
"version": "1.1.0.6"
},
{
"status": "affected",
"version": "1.1.2.3"
},
{
"status": "affected",
"version": "1.2.0.2"
},
{
"status": "affected",
"version": "1.2.0.3"
},
{
"status": "affected",
"version": "1.2.1.3"
},
{
"status": "affected",
"version": "1.3.0.3"
},
{
"status": "affected",
"version": "1.3.0.4"
},
{
"status": "affected",
"version": "1.3.0.6"
},
{
"status": "affected",
"version": "1.3.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T17:06:13.554Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sb-wap-multi-85G83CRB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-multi-85G83CRB",
"defects": [
"CSCwi78277",
"CSCwi83948",
"CSCwi78254",
"CSCwi78271"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20335",
"datePublished": "2024-03-06T16:30:39.235Z",
"dateReserved": "2023-11-08T15:08:07.642Z",
"dateUpdated": "2024-08-01T21:59:41.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20287 (GCVE-0-2024-20287)
Vulnerability from cvelistv5 – Published: 2024-01-17 16:58 – Updated: 2025-06-02 15:05
Summary
A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit this vulnerability, the attacker must have valid administrative credentials for the device.
Severity
6.5 (Medium)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software |
Affected:
1.0.1.5
Affected: 1.0.0.10 Affected: 1.0.0.9 Affected: 1.1.2.3 Affected: 1.2.0.2 Affected: 1.2.0.3 Affected: 1.2.1.3 Affected: 1.3.0.3 Affected: 1.3.0.4 Affected: 1.3.0.6 Affected: 1.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-sb-wap-inject-bHStWgXO",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-bHStWgXO"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:46:56.632251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:05:08.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.1.5"
},
{
"status": "affected",
"version": "1.0.0.10"
},
{
"status": "affected",
"version": "1.0.0.9"
},
{
"status": "affected",
"version": "1.1.2.3"
},
{
"status": "affected",
"version": "1.2.0.2"
},
{
"status": "affected",
"version": "1.2.0.3"
},
{
"status": "affected",
"version": "1.2.1.3"
},
{
"status": "affected",
"version": "1.3.0.3"
},
{
"status": "affected",
"version": "1.3.0.4"
},
{
"status": "affected",
"version": "1.3.0.6"
},
{
"status": "affected",
"version": "1.3.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit this vulnerability, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T15:42:45.536Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sb-wap-inject-bHStWgXO",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-bHStWgXO"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-bHStWgXO",
"defects": [
"CSCwi22632"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20287",
"datePublished": "2024-01-17T16:58:01.192Z",
"dateReserved": "2023-11-08T15:08:07.626Z",
"dateUpdated": "2025-06-02T15:05:08.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20268 (GCVE-0-2023-20268)
Vulnerability from cvelistv5 – Published: 2023-09-27 17:22 – Updated: 2024-12-12 17:19
Summary
A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device.
This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic.
Severity
4.7 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Aironet Access Point Software |
Affected:
8.3.135.0
Affected: 8.3.140.0 Affected: 8.8.111.0 Affected: 8.5.151.0 Affected: 8.3.104.46 Affected: 8.10.121.0 Affected: 8.4.1.218 Affected: 8.3.122.0 Affected: 8.8.100.0 Affected: 8.3.131.0 Affected: 8.5.140.0 Affected: 8.3.132.0 Affected: 8.5.100.0 Affected: 8.5.103.0 Affected: 8.3.133.0 Affected: 8.3.150.0 Affected: 8.5.101.0 Affected: 8.5.105.0 Affected: 8.10.122.0 Affected: 8.8.130.0 Affected: 8.10.112.0 Affected: 8.3.143.0 Affected: 8.8.120.0 Affected: 8.9.111.0 Affected: 8.5.102.0 Affected: 8.5.161.0 Affected: 8.3.121.0 Affected: 8.9.100.0 Affected: 8.10.111.0 Affected: 8.2.170.0 Affected: 8.2.163.0 Affected: 8.10.130.0 Affected: 8.10.105.0 Affected: 8.6.101.0 Affected: 8.3.104.64 Affected: 8.3.15.117 Affected: 8.5.110.0 Affected: 8.2.161.0 Affected: 8.4.1.199 Affected: 8.4.100.0 Affected: 8.5.131.0 Affected: 8.7.1.16 Affected: 8.4.1.175 Affected: 8.3.141.0 Affected: 8.3.108.0 Affected: 8.2.111.0 Affected: 8.5.135.0 Affected: 8.2.160.0 Affected: 8.5.120.0 Affected: 8.6.1.84 Affected: 8.7.106.0 Affected: 8.6.1.70 Affected: 8.3.90.36 Affected: 8.10.113.0 Affected: 8.7.102.0 Affected: 8.2.130.0 Affected: 8.3.130.0 Affected: 8.2.110.0 Affected: 8.3.15.142 Affected: 8.3.111.0 Affected: 8.4.1.142 Affected: 8.6.1.71 Affected: 8.3.104.14 Affected: 8.8.125.0 Affected: 8.3.112.0 Affected: 8.2.151.0 Affected: 8.3.90.53 Affected: 8.3.102.0 Affected: 8.2.166.0 Affected: 8.2.164.0 Affected: 8.5.160.0 Affected: 8.3.15.165 Affected: 8.4.2.75 Affected: 8.3.90.58 Affected: 8.3.90.25 Affected: 8.2.141.0 Affected: 8.3.90.11 Affected: 8.3.15.169 Affected: 8.3.15.158 Affected: 8.3.15.25 Affected: 8.3.104.37 Affected: 8.4.1.91 Affected: 8.2.100.0 Affected: 8.2.121.0 Affected: 8.3.15.120 Affected: 8.3.15.118 Affected: 8.4.1.92 Affected: 8.3.200.200 Affected: 8.10.141.0 Affected: 8.10.142.0 Affected: 8.5.171.0 Affected: 8.10.150.0 Affected: 8.10.151.0 Affected: 8.5.164.0 Affected: 8.10.161.0 Affected: 8.10.162.0 Affected: 8.5.182.0 Affected: 8.10.171.0 Affected: 8.10.170.0 Affected: 
8.10.180.0 Affected: 8.10.181.0 Affected: 8.10.182.0 Affected: 8.10.183.0 Affected: 8.10.185.0 Affected: 8.5.182.11 ME |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ap-dos-capwap-DDMCZS4m",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Aironet Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "8.3.135.0"
},
{
"status": "affected",
"version": "8.3.140.0"
},
{
"status": "affected",
"version": "8.8.111.0"
},
{
"status": "affected",
"version": "8.5.151.0"
},
{
"status": "affected",
"version": "8.3.104.46"
},
{
"status": "affected",
"version": "8.10.121.0"
},
{
"status": "affected",
"version": "8.4.1.218"
},
{
"status": "affected",
"version": "8.3.122.0"
},
{
"status": "affected",
"version": "8.8.100.0"
},
{
"status": "affected",
"version": "8.3.131.0"
},
{
"status": "affected",
"version": "8.5.140.0"
},
{
"status": "affected",
"version": "8.3.132.0"
},
{
"status": "affected",
"version": "8.5.100.0"
},
{
"status": "affected",
"version": "8.5.103.0"
},
{
"status": "affected",
"version": "8.3.133.0"
},
{
"status": "affected",
"version": "8.3.150.0"
},
{
"status": "affected",
"version": "8.5.101.0"
},
{
"status": "affected",
"version": "8.5.105.0"
},
{
"status": "affected",
"version": "8.10.122.0"
},
{
"status": "affected",
"version": "8.8.130.0"
},
{
"status": "affected",
"version": "8.10.112.0"
},
{
"status": "affected",
"version": "8.3.143.0"
},
{
"status": "affected",
"version": "8.8.120.0"
},
{
"status": "affected",
"version": "8.9.111.0"
},
{
"status": "affected",
"version": "8.5.102.0"
},
{
"status": "affected",
"version": "8.5.161.0"
},
{
"status": "affected",
"version": "8.3.121.0"
},
{
"status": "affected",
"version": "8.9.100.0"
},
{
"status": "affected",
"version": "8.10.111.0"
},
{
"status": "affected",
"version": "8.2.170.0"
},
{
"status": "affected",
"version": "8.2.163.0"
},
{
"status": "affected",
"version": "8.10.130.0"
},
{
"status": "affected",
"version": "8.10.105.0"
},
{
"status": "affected",
"version": "8.6.101.0"
},
{
"status": "affected",
"version": "8.3.104.64"
},
{
"status": "affected",
"version": "8.3.15.117"
},
{
"status": "affected",
"version": "8.5.110.0"
},
{
"status": "affected",
"version": "8.2.161.0"
},
{
"status": "affected",
"version": "8.4.1.199"
},
{
"status": "affected",
"version": "8.4.100.0"
},
{
"status": "affected",
"version": "8.5.131.0"
},
{
"status": "affected",
"version": "8.7.1.16"
},
{
"status": "affected",
"version": "8.4.1.175"
},
{
"status": "affected",
"version": "8.3.141.0"
},
{
"status": "affected",
"version": "8.3.108.0"
},
{
"status": "affected",
"version": "8.2.111.0"
},
{
"status": "affected",
"version": "8.5.135.0"
},
{
"status": "affected",
"version": "8.2.160.0"
},
{
"status": "affected",
"version": "8.5.120.0"
},
{
"status": "affected",
"version": "8.6.1.84"
},
{
"status": "affected",
"version": "8.7.106.0"
},
{
"status": "affected",
"version": "8.6.1.70"
},
{
"status": "affected",
"version": "8.3.90.36"
},
{
"status": "affected",
"version": "8.10.113.0"
},
{
"status": "affected",
"version": "8.7.102.0"
},
{
"status": "affected",
"version": "8.2.130.0"
},
{
"status": "affected",
"version": "8.3.130.0"
},
{
"status": "affected",
"version": "8.2.110.0"
},
{
"status": "affected",
"version": "8.3.15.142"
},
{
"status": "affected",
"version": "8.3.111.0"
},
{
"status": "affected",
"version": "8.4.1.142"
},
{
"status": "affected",
"version": "8.6.1.71"
},
{
"status": "affected",
"version": "8.3.104.14"
},
{
"status": "affected",
"version": "8.8.125.0"
},
{
"status": "affected",
"version": "8.3.112.0"
},
{
"status": "affected",
"version": "8.2.151.0"
},
{
"status": "affected",
"version": "8.3.90.53"
},
{
"status": "affected",
"version": "8.3.102.0"
},
{
"status": "affected",
"version": "8.2.166.0"
},
{
"status": "affected",
"version": "8.2.164.0"
},
{
"status": "affected",
"version": "8.5.160.0"
},
{
"status": "affected",
"version": "8.3.15.165"
},
{
"status": "affected",
"version": "8.4.2.75"
},
{
"status": "affected",
"version": "8.3.90.58"
},
{
"status": "affected",
"version": "8.3.90.25"
},
{
"status": "affected",
"version": "8.2.141.0"
},
{
"status": "affected",
"version": "8.3.90.11"
},
{
"status": "affected",
"version": "8.3.15.169"
},
{
"status": "affected",
"version": "8.3.15.158"
},
{
"status": "affected",
"version": "8.3.15.25"
},
{
"status": "affected",
"version": "8.3.104.37"
},
{
"status": "affected",
"version": "8.4.1.91"
},
{
"status": "affected",
"version": "8.2.100.0"
},
{
"status": "affected",
"version": "8.2.121.0"
},
{
"status": "affected",
"version": "8.3.15.120"
},
{
"status": "affected",
"version": "8.3.15.118"
},
{
"status": "affected",
"version": "8.4.1.92"
},
{
"status": "affected",
"version": "8.3.200.200"
},
{
"status": "affected",
"version": "8.10.141.0"
},
{
"status": "affected",
"version": "8.10.142.0"
},
{
"status": "affected",
"version": "8.5.171.0"
},
{
"status": "affected",
"version": "8.10.150.0"
},
{
"status": "affected",
"version": "8.10.151.0"
},
{
"status": "affected",
"version": "8.5.164.0"
},
{
"status": "affected",
"version": "8.10.161.0"
},
{
"status": "affected",
"version": "8.10.162.0"
},
{
"status": "affected",
"version": "8.5.182.0"
},
{
"status": "affected",
"version": "8.10.171.0"
},
{
"status": "affected",
"version": "8.10.170.0"
},
{
"status": "affected",
"version": "8.10.180.0"
},
{
"status": "affected",
"version": "8.10.181.0"
},
{
"status": "affected",
"version": "8.10.182.0"
},
{
"status": "affected",
"version": "8.10.183.0"
},
{
"status": "affected",
"version": "8.10.185.0"
},
{
"status": "affected",
"version": "8.5.182.11 ME"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Aironet Access Point Software (IOS XE Controller)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "16.10.1s"
},
{
"status": "affected",
"version": "16.10.1"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "16.11.1b"
},
{
"status": "affected",
"version": "17.1.2"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.12.2t"
},
{
"status": "affected",
"version": "16.10.1e"
},
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.11.1c"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "16.12.3s"
},
{
"status": "affected",
"version": "16.12.1s"
},
{
"status": "affected",
"version": "16.12.1t"
},
{
"status": "affected",
"version": "16.12.2s"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1a"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "17.1.3"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "16.12.4a"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "16.12.6a"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "16.12.7"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "16.12.8"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.3.7"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.11.1"
},
{
"status": "affected",
"version": "17.6.6"
},
{
"status": "affected",
"version": "17.3.8"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.3.1.0"
},
{
"status": "affected",
"version": "10.0.1.0"
},
{
"status": "affected",
"version": "10.2.1.0"
},
{
"status": "affected",
"version": "10.1.1.0"
},
{
"status": "affected",
"version": "10.3.1.1"
},
{
"status": "affected",
"version": "10.4.1.0"
},
{
"status": "affected",
"version": "10.6.1.0"
},
{
"status": "affected",
"version": "10.1.2.0"
},
{
"status": "affected",
"version": "10.0.2.0"
},
{
"status": "affected",
"version": "10.7.1.0"
},
{
"status": "affected",
"version": "10.2.2.0"
},
{
"status": "affected",
"version": "0.0.0.0"
},
{
"status": "affected",
"version": "10.3.2.0"
},
{
"status": "affected",
"version": "10.4.2.0"
},
{
"status": "affected",
"version": "10.8.1.0"
},
{
"status": "affected",
"version": "10.5.2.0"
},
{
"status": "affected",
"version": "10.9.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device.\u0026nbsp;\r\n\r\nThis vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T17:19:02.520Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ap-dos-capwap-DDMCZS4m",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m"
}
],
"source": {
"advisory": "cisco-sa-ap-dos-capwap-DDMCZS4m",
"defects": [
"CSCwe75371"
],
"discovery": "INTERNAL"
},
"title": "Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20268",
"datePublished": "2023-09-27T17:22:55.840Z",
"dateReserved": "2022-10-27T18:47:50.373Z",
"dateUpdated": "2024-12-12T17:19:02.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20003 (GCVE-0-2023-20003)
Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-25 15:58
Summary
A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication.
Severity
4.7 (Medium)
CWE
- CWE-288
Assigner
References
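| URL | Tags |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ | vendor-advisory |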
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:34:30.280035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T15:58:19.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ"
}
],
"source": {
"advisory": "cisco-sa-cbw-auth-bypass-ggnAfdZ",
"defect": [
[
"CSCwd07949"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20003",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-25T15:58:19.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1547 (GCVE-0-2021-1547)
Vulnerability from cvelistv5 – Published: 2021-05-22 06:45 – Updated: 2024-11-08 21:15
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity
4.7 (Medium)
CWE
- CWE-77
Assigner
References
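| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |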
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:11:17.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:06.991913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:15:51.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:45:22",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1547",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1547",
"datePublished": "2021-05-22T06:45:22.741067Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T21:15:51.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1548 (GCVE-0-2021-1548)
Vulnerability from cvelistv5 – Published: 2021-05-22 06:45 – Updated: 2024-11-08 21:18
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
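| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |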
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:11:17.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:12.284761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:18:50.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:45:18",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1548",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1548",
"datePublished": "2021-05-22T06:45:18.614578Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T21:18:50.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1549 (GCVE-0-2021-1549)
Vulnerability from cvelistv5 – Published: 2021-05-22 06:45 – Updated: 2024-11-08 21:19
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
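| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |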
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:11:17.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:14.165746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:19:07.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:45:14",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1549",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1549",
"datePublished": "2021-05-22T06:45:14.568881Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T21:19:07.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1555 (GCVE-0-2021-1555)
Vulnerability from cvelistv5 – Published: 2021-05-22 06:40 – Updated: 2024-11-08 21:20
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
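| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |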
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:22.172588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:20:18.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:40:37",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1555",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1555",
"datePublished": "2021-05-22T06:40:37.495093Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T21:20:18.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1554 (GCVE-0-2021-1554)
Vulnerability from cvelistv5 – Published: 2021-05-22 06:40 – Updated: 2024-11-08 23:14
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
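| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |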
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:27.572886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T23:14:34.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:40:33",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1554",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1554",
"datePublished": "2021-05-22T06:40:33.590544Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T23:14:34.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1553 (GCVE-0-2021-1553)
Vulnerability from cvelistv5 – Published: 2021-05-22 06:40 – Updated: 2024-11-08 23:14
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
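| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |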
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:29.588722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T23:14:43.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:40:29",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1553",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1553",
"datePublished": "2021-05-22T06:40:29.787709Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T23:14:43.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1552 (GCVE-0-2021-1552)
Vulnerability from cvelistv5 – Published: 2021-05-22 06:40 – Updated: 2024-11-08 23:14
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:42.636928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T23:14:52.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:40:25",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1552",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1552",
"datePublished": "2021-05-22T06:40:25.929047Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T23:14:52.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1551 (GCVE-0-2021-1551)
Vulnerability from cvelistv5 – Published: 2021-05-22 06:40 – Updated: 2024-11-08 23:15
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:45.908749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T23:15:01.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:40:22",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1551",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1551",
"datePublished": "2021-05-22T06:40:22.215613Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T23:15:01.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20271 (GCVE-0-2024-20271)
Vulnerability from nvd – Published: 2024-03-27 17:05 – Updated: 2024-08-01 21:52
Summary
A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets.
Severity ?
8.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Aironet Access Point Software | Affected: 8.2.100.0 Affected: 8.2.130.0 Affected: 8.2.111.0 Affected: 8.2.110.0 Affected: 8.2.121.0 Affected: 8.2.141.0 Affected: 8.2.151.0 Affected: 8.2.160.0 Affected: 8.2.161.0 Affected: 8.2.164.0 Affected: 8.2.166.0 Affected: 8.2.170.0 Affected: 8.2.163.0 Affected: 8.3.102.0 Affected: 8.3.111.0 Affected: 8.3.112.0 Affected: 8.3.121.0 Affected: 8.3.122.0 Affected: 8.3.130.0 Affected: 8.3.131.0 Affected: 8.3.132.0 Affected: 8.3.133.0 Affected: 8.3.140.0 Affected: 8.3.141.0 Affected: 8.3.143.0 Affected: 8.3.150.0 Affected: 8.3.108.0 Affected: 8.3.90.53 Affected: 8.3.104.46 Affected: 8.3.200.200 Affected: 8.3.104.64 Affected: 8.3.15.165 Affected: 8.3.90.11 Affected: 8.3.135.0 Affected: 8.3.104.14 Affected: 8.3.90.36 Affected: 8.3.15.142 Affected: 8.3.104.37 Affected: 8.3.15.117 Affected: 8.3.15.120 Affected: 8.3.15.25 Affected: 8.3.15.158 Affected: 8.3.15.118 Affected: 8.3.90.25 Affected: 8.3.15.169 Affected: 8.3.90.58 Affected: 8.4.100.0 Affected: 8.4.1.199 Affected: 8.4.1.91 Affected: 8.4.1.142 Affected: 8.4.1.175 Affected: 8.4.1.218 Affected: 8.4.1.92 Affected: 8.5.103.0 Affected: 8.5.105.0 Affected: 8.5.110.0 Affected: 8.5.120.0 Affected: 8.5.131.0 Affected: 8.5.140.0 Affected: 8.5.135.0 Affected: 8.5.151.0 Affected: 8.5.101.0 Affected: 8.5.102.0 Affected: 8.5.161.0 Affected: 8.5.160.0 Affected: 8.5.100.0 Affected: 8.5.171.0 Affected: 8.5.164.0 Affected: 8.5.182.0 Affected: 8.5.182.11 ME Affected: 8.7.102.0 Affected: 8.7.106.0 Affected: 8.7.1.16 Affected: 8.8.100.0 Affected: 8.8.111.0 Affected: 8.8.120.0 Affected: 8.8.125.0 Affected: 8.8.130.0 Affected: 8.6.101.0 Affected: 8.6.1.84 Affected: 8.6.1.70 Affected: 8.6.1.71 Affected: 8.9.100.0 Affected: 8.9.111.0 Affected: 8.10.105.0 Affected: 8.10.111.0 Affected: 8.10.130.0 Affected: 8.10.112.0 Affected: 8.10.122.0 Affected: 8.10.113.0 Affected: 8.10.121.0 Affected: 8.10.141.0 Affected: 8.10.142.0 Affected: 8.10.151.0 Affected: 8.10.150.0 Affected: 8.10.171.0 Affected: 8.10.181.0 Affected: 8.10.182.0 Affected: 8.10.161.0 Affected: 8.10.170.0 Affected: 8.10.183.0 Affected: 8.10.162.0 Affected: 8.10.185.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.111.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.112.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.113.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.121.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.122.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.130.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.141.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.142.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.150.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.151.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.161.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.162.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.170.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.171.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.181.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.182.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.183.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.10.185.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2\\(100.0\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.110.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.111.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.121.0:*:*:*:*:*:*:*",
"cpe:2.3:o:cisco:aironet_access_point_software:8.2\\(130.0\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.141.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.151.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.160.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.161.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.163.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.164.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.166.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.170.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.102.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.104.14:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.104.37:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.104.46:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.104.64:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.108.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.111.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.112.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.121.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.122.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.130.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.131.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.132.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.133.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.135.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.140.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.141.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.143.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.150.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.117:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.118:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.120:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.142:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.158:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.165:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.169:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.15.25:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.200.200:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.11:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.25:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.36:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.53:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.3.90.58:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.4.100.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.142:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.175:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.199:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.218:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.91:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.4.1.92:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.100.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.101.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.102.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.103.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.105.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.110.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.120.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.131.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.135.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.140.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.151.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.160.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.161.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.164.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.171.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.5.182.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.6.101.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.6.1.70:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.6.1.71:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.6.1.84:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.7.102.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.7.106.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.7.1.16:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.8.100.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.8.111.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.8.120.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.8.125.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.8.130.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.9.100.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:aironet_access_point_software:8.9.111.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aironet_access_point_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "8.10.111.0"
},
{
"status": "affected",
"version": "8.10.112.0"
},
{
"status": "affected",
"version": "8.10.113.0"
},
{
"status": "affected",
"version": "8.10.121.0"
},
{
"status": "affected",
"version": "8.10.122.0"
},
{
"status": "affected",
"version": "8.10.130.0"
},
{
"status": "affected",
"version": "8.10.141.0"
},
{
"status": "affected",
"version": "8.10.142.0"
},
{
"status": "affected",
"version": "8.10.150.0"
},
{
"status": "affected",
"version": "8.10.151.0"
},
{
"status": "affected",
"version": "8.10.161.0"
},
{
"status": "affected",
"version": "8.10.162.0"
},
{
"status": "affected",
"version": "8.10.170.0"
},
{
"status": "affected",
"version": "8.10.171.0"
},
{
"status": "affected",
"version": "8.10.181.0"
},
{
"status": "affected",
"version": "8.10.182.0"
},
{
"status": "affected",
"version": "8.10.183.0"
},
{
"status": "affected",
"version": "8.10.185.0"
},
{
"status": "affected",
"version": "8.2\\(100.0\\)"
},
{
"status": "affected",
"version": "8.2.110.0"
},
{
"status": "affected",
"version": "8.2.111.0"
},
{
"status": "affected",
"version": "8.2.121.0"
},
{
"status": "affected",
"version": "8.2\\(130.0\\)"
},
{
"status": "affected",
"version": "8.2.141.0"
},
{
"status": "affected",
"version": "8.2.151.0"
},
{
"status": "affected",
"version": "8.2.160.0"
},
{
"status": "affected",
"version": "8.2.161.0"
},
{
"status": "affected",
"version": "8.2.163.0"
},
{
"status": "affected",
"version": "8.2.164.0"
},
{
"status": "affected",
"version": "8.2.166.0"
},
{
"status": "affected",
"version": "8.2.170.0"
},
{
"status": "affected",
"version": "8.3.102.0"
},
{
"status": "affected",
"version": "8.3.104.14"
},
{
"status": "affected",
"version": "8.3.104.37"
},
{
"status": "affected",
"version": "8.3.104.46"
},
{
"status": "affected",
"version": "8.3.104.64"
},
{
"status": "affected",
"version": "8.3.108.0"
},
{
"status": "affected",
"version": "8.3.111.0"
},
{
"status": "affected",
"version": "8.3.112.0"
},
{
"status": "affected",
"version": "8.3.121.0"
},
{
"status": "affected",
"version": "8.3.122.0"
},
{
"status": "affected",
"version": "8.3.130.0"
},
{
"status": "affected",
"version": "8.3.131.0"
},
{
"status": "affected",
"version": "8.3.132.0"
},
{
"status": "affected",
"version": "8.3.133.0"
},
{
"status": "affected",
"version": "8.3.135.0"
},
{
"status": "affected",
"version": "8.3.140.0"
},
{
"status": "affected",
"version": "8.3.141.0"
},
{
"status": "affected",
"version": "8.3.143.0"
},
{
"status": "affected",
"version": "8.3.150.0"
},
{
"status": "affected",
"version": "8.3.15.117"
},
{
"status": "affected",
"version": "8.3.15.118"
},
{
"status": "affected",
"version": "8.3.15.120"
},
{
"status": "affected",
"version": "8.3.15.142"
},
{
"status": "affected",
"version": "8.3.15.158"
},
{
"status": "affected",
"version": "8.3.15.165"
},
{
"status": "affected",
"version": "8.3.15.169"
},
{
"status": "affected",
"version": "8.3.15.25"
},
{
"status": "affected",
"version": "8.3.200.200"
},
{
"status": "affected",
"version": "8.3.90.11"
},
{
"status": "affected",
"version": "8.3.90.25"
},
{
"status": "affected",
"version": "8.3.90.36"
},
{
"status": "affected",
"version": "8.3.90.53"
},
{
"status": "affected",
"version": "8.3.90.58"
},
{
"status": "affected",
"version": "8.4.100.0"
},
{
"status": "affected",
"version": "8.4.1.142"
},
{
"status": "affected",
"version": "8.4.1.175"
},
{
"status": "affected",
"version": "8.4.1.199"
},
{
"status": "affected",
"version": "8.4.1.218"
},
{
"status": "affected",
"version": "8.4.1.91"
},
{
"status": "affected",
"version": "8.4.1.92"
},
{
"status": "affected",
"version": "8.5.100.0"
},
{
"status": "affected",
"version": "8.5.101.0"
},
{
"status": "affected",
"version": "8.5.102.0"
},
{
"status": "affected",
"version": "8.5.103.0"
},
{
"status": "affected",
"version": "8.5.105.0"
},
{
"status": "affected",
"version": "8.5.110.0"
},
{
"status": "affected",
"version": "8.5.120.0"
},
{
"status": "affected",
"version": "8.5.131.0"
},
{
"status": "affected",
"version": "8.5.135.0"
},
{
"status": "affected",
"version": "8.5.140.0"
},
{
"status": "affected",
"version": "8.5.151.0"
},
{
"status": "affected",
"version": "8.5.160.0"
},
{
"status": "affected",
"version": "8.5.161.0"
},
{
"status": "affected",
"version": "8.5.164.0"
},
{
"status": "affected",
"version": "8.5.171.0"
},
{
"status": "affected",
"version": "8.5.182.0"
},
{
"status": "affected",
"version": "8.6.101.0"
},
{
"status": "affected",
"version": "8.6.1.70"
},
{
"status": "affected",
"version": "8.6.1.71"
},
{
"status": "affected",
"version": "8.6.1.84"
},
{
"status": "affected",
"version": "8.7.102.0"
},
{
"status": "affected",
"version": "8.7.106.0"
},
{
"status": "affected",
"version": "8.7.1.16"
},
{
"status": "affected",
"version": "8.8.100.0"
},
{
"status": "affected",
"version": "8.8.111.0"
},
{
"status": "affected",
"version": "8.8.120.0"
},
{
"status": "affected",
"version": "8.8.125.0"
},
{
"status": "affected",
"version": "8.8.130.0"
},
{
"status": "affected",
"version": "8.9.100.0"
},
{
"status": "affected",
"version": "8.9.111.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T16:39:13.630340Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T13:07:00.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:38.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ap-dos-h9TGGX6W",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Aironet Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "8.2.100.0"
},
{
"status": "affected",
"version": "8.2.130.0"
},
{
"status": "affected",
"version": "8.2.111.0"
},
{
"status": "affected",
"version": "8.2.110.0"
},
{
"status": "affected",
"version": "8.2.121.0"
},
{
"status": "affected",
"version": "8.2.141.0"
},
{
"status": "affected",
"version": "8.2.151.0"
},
{
"status": "affected",
"version": "8.2.160.0"
},
{
"status": "affected",
"version": "8.2.161.0"
},
{
"status": "affected",
"version": "8.2.164.0"
},
{
"status": "affected",
"version": "8.2.166.0"
},
{
"status": "affected",
"version": "8.2.170.0"
},
{
"status": "affected",
"version": "8.2.163.0"
},
{
"status": "affected",
"version": "8.3.102.0"
},
{
"status": "affected",
"version": "8.3.111.0"
},
{
"status": "affected",
"version": "8.3.112.0"
},
{
"status": "affected",
"version": "8.3.121.0"
},
{
"status": "affected",
"version": "8.3.122.0"
},
{
"status": "affected",
"version": "8.3.130.0"
},
{
"status": "affected",
"version": "8.3.131.0"
},
{
"status": "affected",
"version": "8.3.132.0"
},
{
"status": "affected",
"version": "8.3.133.0"
},
{
"status": "affected",
"version": "8.3.140.0"
},
{
"status": "affected",
"version": "8.3.141.0"
},
{
"status": "affected",
"version": "8.3.143.0"
},
{
"status": "affected",
"version": "8.3.150.0"
},
{
"status": "affected",
"version": "8.3.108.0"
},
{
"status": "affected",
"version": "8.3.90.53"
},
{
"status": "affected",
"version": "8.3.104.46"
},
{
"status": "affected",
"version": "8.3.200.200"
},
{
"status": "affected",
"version": "8.3.104.64"
},
{
"status": "affected",
"version": "8.3.15.165"
},
{
"status": "affected",
"version": "8.3.90.11"
},
{
"status": "affected",
"version": "8.3.135.0"
},
{
"status": "affected",
"version": "8.3.104.14"
},
{
"status": "affected",
"version": "8.3.90.36"
},
{
"status": "affected",
"version": "8.3.15.142"
},
{
"status": "affected",
"version": "8.3.104.37"
},
{
"status": "affected",
"version": "8.3.15.117"
},
{
"status": "affected",
"version": "8.3.15.120"
},
{
"status": "affected",
"version": "8.3.15.25"
},
{
"status": "affected",
"version": "8.3.15.158"
},
{
"status": "affected",
"version": "8.3.15.118"
},
{
"status": "affected",
"version": "8.3.90.25"
},
{
"status": "affected",
"version": "8.3.15.169"
},
{
"status": "affected",
"version": "8.3.90.58"
},
{
"status": "affected",
"version": "8.4.100.0"
},
{
"status": "affected",
"version": "8.4.1.199"
},
{
"status": "affected",
"version": "8.4.1.91"
},
{
"status": "affected",
"version": "8.4.1.142"
},
{
"status": "affected",
"version": "8.4.1.175"
},
{
"status": "affected",
"version": "8.4.1.218"
},
{
"status": "affected",
"version": "8.4.1.92"
},
{
"status": "affected",
"version": "8.5.103.0"
},
{
"status": "affected",
"version": "8.5.105.0"
},
{
"status": "affected",
"version": "8.5.110.0"
},
{
"status": "affected",
"version": "8.5.120.0"
},
{
"status": "affected",
"version": "8.5.131.0"
},
{
"status": "affected",
"version": "8.5.140.0"
},
{
"status": "affected",
"version": "8.5.135.0"
},
{
"status": "affected",
"version": "8.5.151.0"
},
{
"status": "affected",
"version": "8.5.101.0"
},
{
"status": "affected",
"version": "8.5.102.0"
},
{
"status": "affected",
"version": "8.5.161.0"
},
{
"status": "affected",
"version": "8.5.160.0"
},
{
"status": "affected",
"version": "8.5.100.0"
},
{
"status": "affected",
"version": "8.5.171.0"
},
{
"status": "affected",
"version": "8.5.164.0"
},
{
"status": "affected",
"version": "8.5.182.0"
},
{
"status": "affected",
"version": "8.5.182.11 ME"
},
{
"status": "affected",
"version": "8.7.102.0"
},
{
"status": "affected",
"version": "8.7.106.0"
},
{
"status": "affected",
"version": "8.7.1.16"
},
{
"status": "affected",
"version": "8.8.100.0"
},
{
"status": "affected",
"version": "8.8.111.0"
},
{
"status": "affected",
"version": "8.8.120.0"
},
{
"status": "affected",
"version": "8.8.125.0"
},
{
"status": "affected",
"version": "8.8.130.0"
},
{
"status": "affected",
"version": "8.6.101.0"
},
{
"status": "affected",
"version": "8.6.1.84"
},
{
"status": "affected",
"version": "8.6.1.70"
},
{
"status": "affected",
"version": "8.6.1.71"
},
{
"status": "affected",
"version": "8.9.100.0"
},
{
"status": "affected",
"version": "8.9.111.0"
},
{
"status": "affected",
"version": "8.10.105.0"
},
{
"status": "affected",
"version": "8.10.111.0"
},
{
"status": "affected",
"version": "8.10.130.0"
},
{
"status": "affected",
"version": "8.10.112.0"
},
{
"status": "affected",
"version": "8.10.122.0"
},
{
"status": "affected",
"version": "8.10.113.0"
},
{
"status": "affected",
"version": "8.10.121.0"
},
{
"status": "affected",
"version": "8.10.141.0"
},
{
"status": "affected",
"version": "8.10.142.0"
},
{
"status": "affected",
"version": "8.10.151.0"
},
{
"status": "affected",
"version": "8.10.150.0"
},
{
"status": "affected",
"version": "8.10.171.0"
},
{
"status": "affected",
"version": "8.10.181.0"
},
{
"status": "affected",
"version": "8.10.182.0"
},
{
"status": "affected",
"version": "8.10.161.0"
},
{
"status": "affected",
"version": "8.10.170.0"
},
{
"status": "affected",
"version": "8.10.183.0"
},
{
"status": "affected",
"version": "8.10.162.0"
},
{
"status": "affected",
"version": "8.10.185.0"
}
]
},
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.0.1.0"
},
{
"status": "affected",
"version": "10.0.2.0"
},
{
"status": "affected",
"version": "10.1.1.0"
},
{
"status": "affected",
"version": "10.1.2.0"
},
{
"status": "affected",
"version": "10.2.1.0"
},
{
"status": "affected",
"version": "10.2.2.0"
},
{
"status": "affected",
"version": "10.3.1.0"
},
{
"status": "affected",
"version": "10.3.1.1"
},
{
"status": "affected",
"version": "10.3.2.0"
},
{
"status": "affected",
"version": "1.0.0.13"
},
{
"status": "affected",
"version": "1.0.0.16"
},
{
"status": "affected",
"version": "1.0.0.3"
},
{
"status": "affected",
"version": "1.0.0.39"
},
{
"status": "affected",
"version": "1.0.0.4"
},
{
"status": "affected",
"version": "1.0.0.5"
},
{
"status": "affected",
"version": "1.0.0.7"
},
{
"status": "affected",
"version": "1.0.1.2"
},
{
"status": "affected",
"version": "1.0.1.3"
},
{
"status": "affected",
"version": "1.0.1.4"
},
{
"status": "affected",
"version": "1.0.1.5"
},
{
"status": "affected",
"version": "1.0.1.6"
},
{
"status": "affected",
"version": "1.0.1.7"
},
{
"status": "affected",
"version": "1.0.2.0"
},
{
"status": "affected",
"version": "1.0.2.13"
},
{
"status": "affected",
"version": "1.0.2.14"
},
{
"status": "affected",
"version": "1.0.2.15"
},
{
"status": "affected",
"version": "1.0.2.16"
},
{
"status": "affected",
"version": "1.0.2.17"
},
{
"status": "affected",
"version": "1.0.2.2"
},
{
"status": "affected",
"version": "1.0.2.8"
},
{
"status": "affected",
"version": "1.0.3.1"
},
{
"status": "affected",
"version": "1.0.4.4"
},
{
"status": "affected",
"version": "1.0.4.3"
},
{
"status": "affected",
"version": "1.0.6.6"
},
{
"status": "affected",
"version": "1.0.3.4"
},
{
"status": "affected",
"version": "1.0.6.8"
},
{
"status": "affected",
"version": "1.0.6.2"
},
{
"status": "affected",
"version": "1.0.2.3"
},
{
"status": "affected",
"version": "1.0.5.3"
},
{
"status": "affected",
"version": "1.0.1.10"
},
{
"status": "affected",
"version": "1.0.4.2"
},
{
"status": "affected",
"version": "1.0.6.5"
},
{
"status": "affected",
"version": "1.0.6.7"
},
{
"status": "affected",
"version": "1.0.5.0"
},
{
"status": "affected",
"version": "1.0.0.10"
},
{
"status": "affected",
"version": "1.0.0.12"
},
{
"status": "affected",
"version": "1.0.0.14"
},
{
"status": "affected",
"version": "1.0.0.15"
},
{
"status": "affected",
"version": "1.0.0.17"
},
{
"status": "affected",
"version": "1.0.0.9"
},
{
"status": "affected",
"version": "1.0.1.11"
},
{
"status": "affected",
"version": "1.0.1.12"
},
{
"status": "affected",
"version": "1.0.1.9"
},
{
"status": "affected",
"version": "1.0.2.6"
},
{
"status": "affected",
"version": "1.1.0.5"
},
{
"status": "affected",
"version": "1.1.0.7"
},
{
"status": "affected",
"version": "1.1.0.9"
},
{
"status": "affected",
"version": "1.1.1.0"
},
{
"status": "affected",
"version": "1.1.2.4"
},
{
"status": "affected",
"version": "1.1.4.6"
},
{
"status": "affected",
"version": "1.1.3.2"
},
{
"status": "affected",
"version": "1.1.4.0"
},
{
"status": "affected",
"version": "1.1.0.3"
},
{
"status": "affected",
"version": "1.1.0.4"
},
{
"status": "affected",
"version": "1.1.0.6"
},
{
"status": "affected",
"version": "1.1.2.3"
},
{
"status": "affected",
"version": "10.4.1.0"
},
{
"status": "affected",
"version": "10.4.2.0"
},
{
"status": "affected",
"version": "10.6.1.0"
},
{
"status": "affected",
"version": "10.7.1.0"
},
{
"status": "affected",
"version": "10.8.1.0"
},
{
"status": "affected",
"version": "1.2.0.2"
},
{
"status": "affected",
"version": "1.2.0.3"
},
{
"status": "affected",
"version": "1.2.1.3"
},
{
"status": "affected",
"version": "1.3.0.3"
},
{
"status": "affected",
"version": "1.3.0.4"
},
{
"status": "affected",
"version": "1.3.0.6"
},
{
"status": "affected",
"version": "1.3.0.7"
},
{
"status": "affected",
"version": "10.5.2.0"
}
]
},
{
"product": "Cisco Aironet Access Point Software (IOS XE Controller)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "16.10.1e"
},
{
"status": "affected",
"version": "16.10.1"
},
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.11.1c"
},
{
"status": "affected",
"version": "16.11.1b"
},
{
"status": "affected",
"version": "16.12.1s"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "16.12.2s"
},
{
"status": "affected",
"version": "16.12.1t"
},
{
"status": "affected",
"version": "16.12.4a"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "16.12.8"
},
{
"status": "affected",
"version": "16.12.7"
},
{
"status": "affected",
"version": "16.12.6a"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1a"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.9.4a"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.11.1"
},
{
"status": "affected",
"version": "17.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T17:05:27.473Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ap-dos-h9TGGX6W",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W"
}
],
"source": {
"advisory": "cisco-sa-ap-dos-h9TGGX6W",
"defects": [
"CSCwh00028"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20271",
"datePublished": "2024-03-27T17:05:27.473Z",
"dateReserved": "2023-11-08T15:08:07.624Z",
"dateUpdated": "2024-08-01T21:52:38.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20265 (GCVE-0-2024-20265)
Vulnerability from nvd – Published: 2024-03-27 17:03 – Updated: 2024-08-01 21:52
Summary
A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device.
This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.
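Severity
5.9 (Medium) – CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Note: the vector rates Privileges Required as Low, whereas the summary describes an unauthenticated attacker; check the vendor advisory before reusing the score.
CWE
- CWE-501 - Trust Boundary Violation
Assigner
cisco
References
- cisco-sa-ap-secureboot-bypass-zT5vJkSD: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD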
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco IOS XE Software | Affected: N/A |

The record's `cna.affected` list below also names Cisco Aironet Access Point Software, Cisco Business Wireless Access Point Software and Cisco Aironet Access Point Software (IOS XE Controller), each with its own affected versions.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:aironet_access_point_software:8.2.100.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aironet_access_point_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "8.10.185.0",
"status": "affected",
"version": "8.2.100.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:business_wireless_access_point_software:10.0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_wireless_access_point_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "10.8.1.0",
"status": "affected",
"version": "10.0.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:aironet_access_point_software:16.10.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aironet_access_point_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "17.11.1",
"status": "affected",
"version": "16.10.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-27T19:46:28.390425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:33:37.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ap-secureboot-bypass-zT5vJkSD",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Aironet Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "8.2.100.0"
},
{
"status": "affected",
"version": "8.2.130.0"
},
{
"status": "affected",
"version": "8.2.111.0"
},
{
"status": "affected",
"version": "8.2.110.0"
},
{
"status": "affected",
"version": "8.2.121.0"
},
{
"status": "affected",
"version": "8.2.141.0"
},
{
"status": "affected",
"version": "8.2.151.0"
},
{
"status": "affected",
"version": "8.2.160.0"
},
{
"status": "affected",
"version": "8.2.161.0"
},
{
"status": "affected",
"version": "8.2.164.0"
},
{
"status": "affected",
"version": "8.2.166.0"
},
{
"status": "affected",
"version": "8.2.170.0"
},
{
"status": "affected",
"version": "8.2.163.0"
},
{
"status": "affected",
"version": "8.3.102.0"
},
{
"status": "affected",
"version": "8.3.111.0"
},
{
"status": "affected",
"version": "8.3.112.0"
},
{
"status": "affected",
"version": "8.3.121.0"
},
{
"status": "affected",
"version": "8.3.122.0"
},
{
"status": "affected",
"version": "8.3.130.0"
},
{
"status": "affected",
"version": "8.3.131.0"
},
{
"status": "affected",
"version": "8.3.132.0"
},
{
"status": "affected",
"version": "8.3.133.0"
},
{
"status": "affected",
"version": "8.3.140.0"
},
{
"status": "affected",
"version": "8.3.141.0"
},
{
"status": "affected",
"version": "8.3.143.0"
},
{
"status": "affected",
"version": "8.3.150.0"
},
{
"status": "affected",
"version": "8.3.108.0"
},
{
"status": "affected",
"version": "8.3.90.53"
},
{
"status": "affected",
"version": "8.3.104.46"
},
{
"status": "affected",
"version": "8.3.200.200"
},
{
"status": "affected",
"version": "8.3.104.64"
},
{
"status": "affected",
"version": "8.3.15.165"
},
{
"status": "affected",
"version": "8.3.90.11"
},
{
"status": "affected",
"version": "8.3.135.0"
},
{
"status": "affected",
"version": "8.3.104.14"
},
{
"status": "affected",
"version": "8.3.90.36"
},
{
"status": "affected",
"version": "8.3.15.142"
},
{
"status": "affected",
"version": "8.3.104.37"
},
{
"status": "affected",
"version": "8.3.15.117"
},
{
"status": "affected",
"version": "8.3.15.120"
},
{
"status": "affected",
"version": "8.3.15.25"
},
{
"status": "affected",
"version": "8.3.15.158"
},
{
"status": "affected",
"version": "8.3.15.118"
},
{
"status": "affected",
"version": "8.3.90.25"
},
{
"status": "affected",
"version": "8.3.15.169"
},
{
"status": "affected",
"version": "8.3.90.58"
},
{
"status": "affected",
"version": "8.4.100.0"
},
{
"status": "affected",
"version": "8.4.1.199"
},
{
"status": "affected",
"version": "8.4.1.91"
},
{
"status": "affected",
"version": "8.4.1.142"
},
{
"status": "affected",
"version": "8.4.1.175"
},
{
"status": "affected",
"version": "8.4.1.218"
},
{
"status": "affected",
"version": "8.4.1.92"
},
{
"status": "affected",
"version": "8.5.103.0"
},
{
"status": "affected",
"version": "8.5.105.0"
},
{
"status": "affected",
"version": "8.5.110.0"
},
{
"status": "affected",
"version": "8.5.120.0"
},
{
"status": "affected",
"version": "8.5.131.0"
},
{
"status": "affected",
"version": "8.5.140.0"
},
{
"status": "affected",
"version": "8.5.135.0"
},
{
"status": "affected",
"version": "8.5.151.0"
},
{
"status": "affected",
"version": "8.5.101.0"
},
{
"status": "affected",
"version": "8.5.102.0"
},
{
"status": "affected",
"version": "8.5.161.0"
},
{
"status": "affected",
"version": "8.5.160.0"
},
{
"status": "affected",
"version": "8.5.100.0"
},
{
"status": "affected",
"version": "8.5.171.0"
},
{
"status": "affected",
"version": "8.5.164.0"
},
{
"status": "affected",
"version": "8.5.182.0"
},
{
"status": "affected",
"version": "8.5.182.11 ME"
},
{
"status": "affected",
"version": "8.7.102.0"
},
{
"status": "affected",
"version": "8.7.106.0"
},
{
"status": "affected",
"version": "8.7.1.16"
},
{
"status": "affected",
"version": "8.8.100.0"
},
{
"status": "affected",
"version": "8.8.111.0"
},
{
"status": "affected",
"version": "8.8.120.0"
},
{
"status": "affected",
"version": "8.8.125.0"
},
{
"status": "affected",
"version": "8.8.130.0"
},
{
"status": "affected",
"version": "8.6.101.0"
},
{
"status": "affected",
"version": "8.6.1.84"
},
{
"status": "affected",
"version": "8.6.1.70"
},
{
"status": "affected",
"version": "8.6.1.71"
},
{
"status": "affected",
"version": "8.9.100.0"
},
{
"status": "affected",
"version": "8.9.111.0"
},
{
"status": "affected",
"version": "8.10.105.0"
},
{
"status": "affected",
"version": "8.10.111.0"
},
{
"status": "affected",
"version": "8.10.130.0"
},
{
"status": "affected",
"version": "8.10.112.0"
},
{
"status": "affected",
"version": "8.10.122.0"
},
{
"status": "affected",
"version": "8.10.113.0"
},
{
"status": "affected",
"version": "8.10.121.0"
},
{
"status": "affected",
"version": "8.10.141.0"
},
{
"status": "affected",
"version": "8.10.142.0"
},
{
"status": "affected",
"version": "8.10.151.0"
},
{
"status": "affected",
"version": "8.10.150.0"
},
{
"status": "affected",
"version": "8.10.171.0"
},
{
"status": "affected",
"version": "8.10.181.0"
},
{
"status": "affected",
"version": "8.10.182.0"
},
{
"status": "affected",
"version": "8.10.161.0"
},
{
"status": "affected",
"version": "8.10.170.0"
},
{
"status": "affected",
"version": "8.10.183.0"
},
{
"status": "affected",
"version": "8.10.162.0"
},
{
"status": "affected",
"version": "8.10.185.0"
}
]
},
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.0.1.0"
},
{
"status": "affected",
"version": "10.0.2.0"
},
{
"status": "affected",
"version": "10.1.1.0"
},
{
"status": "affected",
"version": "10.1.2.0"
},
{
"status": "affected",
"version": "10.2.1.0"
},
{
"status": "affected",
"version": "10.2.2.0"
},
{
"status": "affected",
"version": "10.3.1.0"
},
{
"status": "affected",
"version": "10.3.1.1"
},
{
"status": "affected",
"version": "10.3.2.0"
},
{
"status": "affected",
"version": "10.4.1.0"
},
{
"status": "affected",
"version": "10.4.2.0"
},
{
"status": "affected",
"version": "10.6.1.0"
},
{
"status": "affected",
"version": "10.6.2.0"
},
{
"status": "affected",
"version": "10.7.1.0"
},
{
"status": "affected",
"version": "10.8.1.0"
},
{
"status": "affected",
"version": "10.5.2.0"
}
]
},
{
"product": "Cisco Aironet Access Point Software (IOS XE Controller)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "16.10.1e"
},
{
"status": "affected",
"version": "16.10.1"
},
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.11.1c"
},
{
"status": "affected",
"version": "16.11.1b"
},
{
"status": "affected",
"version": "16.12.1s"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "16.12.2s"
},
{
"status": "affected",
"version": "16.12.1t"
},
{
"status": "affected",
"version": "16.12.4a"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "16.12.8"
},
{
"status": "affected",
"version": "16.12.7"
},
{
"status": "affected",
"version": "16.12.6a"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1a"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.6.6a"
},
{
"status": "affected",
"version": "17.6.5a"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device.\r\n\r This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-501",
"description": "Trust Boundary Violation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T17:03:54.505Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ap-secureboot-bypass-zT5vJkSD",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD"
}
],
"source": {
"advisory": "cisco-sa-ap-secureboot-bypass-zT5vJkSD",
"defects": [
"CSCwf62026"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20265",
"datePublished": "2024-03-27T17:03:54.505Z",
"dateReserved": "2023-11-08T15:08:07.624Z",
"dateUpdated": "2024-08-01T21:52:31.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20336 (GCVE-0-2024-20336)
Vulnerability from nvd – Published: 2024-03-06 16:31 – Updated: 2024-08-01 21:59
Summary
A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
Severity
6.5 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
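References
- cisco-sa-sb-wap-multi-85G83CRB: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB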
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: 1.0.0.3, 1.0.0.4, 1.0.0.5, 1.0.0.7, 1.0.1.3, 1.0.1.5, 1.0.1.7, 1.0.2.0, 1.0.3.1, 1.0.4.4, 1.0.4.3, 1.0.5.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_access_points",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.0.0.3"
},
{
"status": "affected",
"version": "1.0.0.4"
},
{
"status": "affected",
"version": "1.0.0.5"
},
{
"status": "affected",
"version": "1.0.0.7"
},
{
"status": "affected",
"version": "1.0.1.3"
},
{
"status": "affected",
"version": "1.0.1.5"
},
{
"status": "affected",
"version": "1.0.1.7"
},
{
"status": "affected",
"version": "1.0.2.0"
},
{
"status": "affected",
"version": "1.0.3.1"
},
{
"status": "affected",
"version": "1.0.4.3"
},
{
"status": "affected",
"version": "1.0.4.4"
},
{
"status": "affected",
"version": "1.0.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T05:00:32.901343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T15:37:49.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-sb-wap-multi-85G83CRB",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.0.3"
},
{
"status": "affected",
"version": "1.0.0.4"
},
{
"status": "affected",
"version": "1.0.0.5"
},
{
"status": "affected",
"version": "1.0.0.7"
},
{
"status": "affected",
"version": "1.0.1.3"
},
{
"status": "affected",
"version": "1.0.1.5"
},
{
"status": "affected",
"version": "1.0.1.7"
},
{
"status": "affected",
"version": "1.0.2.0"
},
{
"status": "affected",
"version": "1.0.3.1"
},
{
"status": "affected",
"version": "1.0.4.4"
},
{
"status": "affected",
"version": "1.0.4.3"
},
{
"status": "affected",
"version": "1.0.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T17:07:15.946Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sb-wap-multi-85G83CRB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-multi-85G83CRB",
"defects": [
"CSCwi83951",
"CSCwi83952",
"CSCwi83953",
"CSCwi83957"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20336",
"datePublished": "2024-03-06T16:31:10.729Z",
"dateReserved": "2023-11-08T15:08:07.642Z",
"dateUpdated": "2024-08-01T21:59:41.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20335 (GCVE-0-2024-20335)
Vulnerability from nvd – Published: 2024-03-06 16:30 – Updated: 2024-08-01 21:59
Summary
A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
Severity (CVSS 3.1 base score)
6.5 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: 1.0.0.13, 1.0.0.16, 1.0.0.3, 1.0.0.4, 1.0.0.5, 1.0.0.7, 1.0.1.2, 1.0.1.3, 1.0.1.5, 1.0.1.6, 1.0.1.7, 1.0.2.0, 1.0.3.1, 1.0.4.4, 1.0.4.3, 1.0.1.10, 1.0.5.0, 1.0.0.10, 1.0.0.12, 1.0.0.14, 1.0.0.15, 1.0.0.17, 1.0.0.9, 1.0.1.11, 1.0.1.12, 1.0.1.9, 1.0.2.6, 1.1.0.5, 1.1.0.7, 1.1.0.9, 1.1.1.0, 1.1.2.4, 1.1.4.6, 1.1.3.2, 1.1.4.0, 1.1.0.3, 1.1.0.4, 1.1.0.6, 1.1.2.3, 1.2.0.2, 1.2.0.3, 1.2.1.3, 1.3.0.3, 1.3.0.4, 1.3.0.6, 1.3.0.7 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.15:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.16:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.17:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.10:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.11:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.12:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_wireless_access_point_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.0.0.10"
},
{
"status": "affected",
"version": "1.0.0.12"
},
{
"status": "affected",
"version": "1.0.0.13"
},
{
"status": "affected",
"version": "1.0.0.14"
},
{
"status": "affected",
"version": "1.0.0.15"
},
{
"status": "affected",
"version": "1.0.0.16"
},
{
"status": "affected",
"version": "1.0.0.17"
},
{
"status": "affected",
"version": "1.0.0.3"
},
{
"status": "affected",
"version": "1.0.0.4"
},
{
"status": "affected",
"version": "1.0.0.5"
},
{
"status": "affected",
"version": "1.0.0.7"
},
{
"status": "affected",
"version": "1.0.0.9"
},
{
"status": "affected",
"version": "1.0.1.10"
},
{
"status": "affected",
"version": "1.0.1.11"
},
{
"status": "affected",
"version": "1.0.1.12"
},
{
"status": "affected",
"version": "1.0.1.2"
},
{
"status": "affected",
"version": "1.0.1.3"
},
{
"status": "affected",
"version": "1.0.1.5"
},
{
"status": "affected",
"version": "1.0.1.6"
},
{
"status": "affected",
"version": "1.0.1.7"
},
{
"status": "affected",
"version": "1.0.1.9"
},
{
"status": "affected",
"version": "1.0.2.0"
},
{
"status": "affected",
"version": "1.0.2.6"
},
{
"status": "affected",
"version": "1.0.3.1"
},
{
"status": "affected",
"version": "1.0.4.3"
},
{
"status": "affected",
"version": "1.0.4.4"
},
{
"status": "affected",
"version": "1.0.5.0"
},
{
"status": "affected",
"version": "1.1.0.3"
},
{
"status": "affected",
"version": "1.1.0.4"
},
{
"status": "affected",
"version": "1.1.0.5"
},
{
"status": "affected",
"version": "1.1.0.6"
},
{
"status": "affected",
"version": "1.1.0.7"
},
{
"status": "affected",
"version": "1.1.0.9"
},
{
"status": "affected",
"version": "1.1.1.0"
},
{
"status": "affected",
"version": "1.1.2.3"
},
{
"status": "affected",
"version": "1.1.2.4"
},
{
"status": "affected",
"version": "1.1.3.2"
},
{
"status": "affected",
"version": "1.1.4.0"
},
{
"status": "affected",
"version": "1.1.4.6"
},
{
"status": "affected",
"version": "1.2.0.2"
},
{
"status": "affected",
"version": "1.2.0.3"
},
{
"status": "affected",
"version": "1.2.1.3"
},
{
"status": "affected",
"version": "1.3.0.3"
},
{
"status": "affected",
"version": "1.3.0.4"
},
{
"status": "affected",
"version": "1.3.0.6"
},
{
"status": "affected",
"version": "1.3.0.7"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T14:42:02.782698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T15:07:27.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-sb-wap-multi-85G83CRB",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.0.13"
},
{
"status": "affected",
"version": "1.0.0.16"
},
{
"status": "affected",
"version": "1.0.0.3"
},
{
"status": "affected",
"version": "1.0.0.4"
},
{
"status": "affected",
"version": "1.0.0.5"
},
{
"status": "affected",
"version": "1.0.0.7"
},
{
"status": "affected",
"version": "1.0.1.2"
},
{
"status": "affected",
"version": "1.0.1.3"
},
{
"status": "affected",
"version": "1.0.1.5"
},
{
"status": "affected",
"version": "1.0.1.6"
},
{
"status": "affected",
"version": "1.0.1.7"
},
{
"status": "affected",
"version": "1.0.2.0"
},
{
"status": "affected",
"version": "1.0.3.1"
},
{
"status": "affected",
"version": "1.0.4.4"
},
{
"status": "affected",
"version": "1.0.4.3"
},
{
"status": "affected",
"version": "1.0.1.10"
},
{
"status": "affected",
"version": "1.0.5.0"
},
{
"status": "affected",
"version": "1.0.0.10"
},
{
"status": "affected",
"version": "1.0.0.12"
},
{
"status": "affected",
"version": "1.0.0.14"
},
{
"status": "affected",
"version": "1.0.0.15"
},
{
"status": "affected",
"version": "1.0.0.17"
},
{
"status": "affected",
"version": "1.0.0.9"
},
{
"status": "affected",
"version": "1.0.1.11"
},
{
"status": "affected",
"version": "1.0.1.12"
},
{
"status": "affected",
"version": "1.0.1.9"
},
{
"status": "affected",
"version": "1.0.2.6"
},
{
"status": "affected",
"version": "1.1.0.5"
},
{
"status": "affected",
"version": "1.1.0.7"
},
{
"status": "affected",
"version": "1.1.0.9"
},
{
"status": "affected",
"version": "1.1.1.0"
},
{
"status": "affected",
"version": "1.1.2.4"
},
{
"status": "affected",
"version": "1.1.4.6"
},
{
"status": "affected",
"version": "1.1.3.2"
},
{
"status": "affected",
"version": "1.1.4.0"
},
{
"status": "affected",
"version": "1.1.0.3"
},
{
"status": "affected",
"version": "1.1.0.4"
},
{
"status": "affected",
"version": "1.1.0.6"
},
{
"status": "affected",
"version": "1.1.2.3"
},
{
"status": "affected",
"version": "1.2.0.2"
},
{
"status": "affected",
"version": "1.2.0.3"
},
{
"status": "affected",
"version": "1.2.1.3"
},
{
"status": "affected",
"version": "1.3.0.3"
},
{
"status": "affected",
"version": "1.3.0.4"
},
{
"status": "affected",
"version": "1.3.0.6"
},
{
"status": "affected",
"version": "1.3.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T17:06:13.554Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sb-wap-multi-85G83CRB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-multi-85G83CRB",
"defects": [
"CSCwi78277",
"CSCwi83948",
"CSCwi78254",
"CSCwi78271"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20335",
"datePublished": "2024-03-06T16:30:39.235Z",
"dateReserved": "2023-11-08T15:08:07.642Z",
"dateUpdated": "2024-08-01T21:59:41.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20287 (GCVE-0-2024-20287)
Vulnerability from nvd – Published: 2024-01-17 16:58 – Updated: 2025-06-02 15:05
Summary
A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit this vulnerability, the attacker must have valid administrative credentials for the device. Note: the `exploits` field of the CNA record below states that Cisco PSIRT is aware that proof-of-concept exploit code is available for this vulnerability and is not aware of any malicious use; the CISA SSVC entry in the same record lists Exploitation as "none".
Severity (CVSS 3.1 base score)
6.5 (Medium)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: 1.0.1.5, 1.0.0.10, 1.0.0.9, 1.1.2.3, 1.2.0.2, 1.2.0.3, 1.2.1.3, 1.3.0.3, 1.3.0.4, 1.3.0.6, 1.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-sb-wap-inject-bHStWgXO",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-bHStWgXO"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:46:56.632251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:05:08.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.1.5"
},
{
"status": "affected",
"version": "1.0.0.10"
},
{
"status": "affected",
"version": "1.0.0.9"
},
{
"status": "affected",
"version": "1.1.2.3"
},
{
"status": "affected",
"version": "1.2.0.2"
},
{
"status": "affected",
"version": "1.2.0.3"
},
{
"status": "affected",
"version": "1.2.1.3"
},
{
"status": "affected",
"version": "1.3.0.3"
},
{
"status": "affected",
"version": "1.3.0.4"
},
{
"status": "affected",
"version": "1.3.0.6"
},
{
"status": "affected",
"version": "1.3.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit this vulnerability, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T15:42:45.536Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sb-wap-inject-bHStWgXO",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-bHStWgXO"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-bHStWgXO",
"defects": [
"CSCwi22632"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20287",
"datePublished": "2024-01-17T16:58:01.192Z",
"dateReserved": "2023-11-08T15:08:07.626Z",
"dateUpdated": "2025-06-02T15:05:08.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20268 (GCVE-0-2023-20268)
Vulnerability from nvd – Published: 2023-09-27 17:22 – Updated: 2024-12-12 17:19
Summary
A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device.
This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic.
Severity ?
4.7 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Aironet Access Point Software | Affected: 8.3.135.0, 8.3.140.0, 8.8.111.0, 8.5.151.0, 8.3.104.46, 8.10.121.0, 8.4.1.218, 8.3.122.0, 8.8.100.0, 8.3.131.0, 8.5.140.0, 8.3.132.0, 8.5.100.0, 8.5.103.0, 8.3.133.0, 8.3.150.0, 8.5.101.0, 8.5.105.0, 8.10.122.0, 8.8.130.0, 8.10.112.0, 8.3.143.0, 8.8.120.0, 8.9.111.0, 8.5.102.0, 8.5.161.0, 8.3.121.0, 8.9.100.0, 8.10.111.0, 8.2.170.0, 8.2.163.0, 8.10.130.0, 8.10.105.0, 8.6.101.0, 8.3.104.64, 8.3.15.117, 8.5.110.0, 8.2.161.0, 8.4.1.199, 8.4.100.0, 8.5.131.0, 8.7.1.16, 8.4.1.175, 8.3.141.0, 8.3.108.0, 8.2.111.0, 8.5.135.0, 8.2.160.0, 8.5.120.0, 8.6.1.84, 8.7.106.0, 8.6.1.70, 8.3.90.36, 8.10.113.0, 8.7.102.0, 8.2.130.0, 8.3.130.0, 8.2.110.0, 8.3.15.142, 8.3.111.0, 8.4.1.142, 8.6.1.71, 8.3.104.14, 8.8.125.0, 8.3.112.0, 8.2.151.0, 8.3.90.53, 8.3.102.0, 8.2.166.0, 8.2.164.0, 8.5.160.0, 8.3.15.165, 8.4.2.75, 8.3.90.58, 8.3.90.25, 8.2.141.0, 8.3.90.11, 8.3.15.169, 8.3.15.158, 8.3.15.25, 8.3.104.37, 8.4.1.91, 8.2.100.0, 8.2.121.0, 8.3.15.120, 8.3.15.118, 8.4.1.92, 8.3.200.200, 8.10.141.0, 8.10.142.0, 8.5.171.0, 8.10.150.0, 8.10.151.0, 8.5.164.0, 8.10.161.0, 8.10.162.0, 8.5.182.0, 8.10.171.0, 8.10.170.0, 8.10.180.0, 8.10.181.0, 8.10.182.0, 8.10.183.0, 8.10.185.0, 8.5.182.11 ME |
| Cisco | Cisco Aironet Access Point Software (IOS XE Controller) | Version list not rendered in this table; see `cna.affected` in the record below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ap-dos-capwap-DDMCZS4m",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Aironet Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "8.3.135.0"
},
{
"status": "affected",
"version": "8.3.140.0"
},
{
"status": "affected",
"version": "8.8.111.0"
},
{
"status": "affected",
"version": "8.5.151.0"
},
{
"status": "affected",
"version": "8.3.104.46"
},
{
"status": "affected",
"version": "8.10.121.0"
},
{
"status": "affected",
"version": "8.4.1.218"
},
{
"status": "affected",
"version": "8.3.122.0"
},
{
"status": "affected",
"version": "8.8.100.0"
},
{
"status": "affected",
"version": "8.3.131.0"
},
{
"status": "affected",
"version": "8.5.140.0"
},
{
"status": "affected",
"version": "8.3.132.0"
},
{
"status": "affected",
"version": "8.5.100.0"
},
{
"status": "affected",
"version": "8.5.103.0"
},
{
"status": "affected",
"version": "8.3.133.0"
},
{
"status": "affected",
"version": "8.3.150.0"
},
{
"status": "affected",
"version": "8.5.101.0"
},
{
"status": "affected",
"version": "8.5.105.0"
},
{
"status": "affected",
"version": "8.10.122.0"
},
{
"status": "affected",
"version": "8.8.130.0"
},
{
"status": "affected",
"version": "8.10.112.0"
},
{
"status": "affected",
"version": "8.3.143.0"
},
{
"status": "affected",
"version": "8.8.120.0"
},
{
"status": "affected",
"version": "8.9.111.0"
},
{
"status": "affected",
"version": "8.5.102.0"
},
{
"status": "affected",
"version": "8.5.161.0"
},
{
"status": "affected",
"version": "8.3.121.0"
},
{
"status": "affected",
"version": "8.9.100.0"
},
{
"status": "affected",
"version": "8.10.111.0"
},
{
"status": "affected",
"version": "8.2.170.0"
},
{
"status": "affected",
"version": "8.2.163.0"
},
{
"status": "affected",
"version": "8.10.130.0"
},
{
"status": "affected",
"version": "8.10.105.0"
},
{
"status": "affected",
"version": "8.6.101.0"
},
{
"status": "affected",
"version": "8.3.104.64"
},
{
"status": "affected",
"version": "8.3.15.117"
},
{
"status": "affected",
"version": "8.5.110.0"
},
{
"status": "affected",
"version": "8.2.161.0"
},
{
"status": "affected",
"version": "8.4.1.199"
},
{
"status": "affected",
"version": "8.4.100.0"
},
{
"status": "affected",
"version": "8.5.131.0"
},
{
"status": "affected",
"version": "8.7.1.16"
},
{
"status": "affected",
"version": "8.4.1.175"
},
{
"status": "affected",
"version": "8.3.141.0"
},
{
"status": "affected",
"version": "8.3.108.0"
},
{
"status": "affected",
"version": "8.2.111.0"
},
{
"status": "affected",
"version": "8.5.135.0"
},
{
"status": "affected",
"version": "8.2.160.0"
},
{
"status": "affected",
"version": "8.5.120.0"
},
{
"status": "affected",
"version": "8.6.1.84"
},
{
"status": "affected",
"version": "8.7.106.0"
},
{
"status": "affected",
"version": "8.6.1.70"
},
{
"status": "affected",
"version": "8.3.90.36"
},
{
"status": "affected",
"version": "8.10.113.0"
},
{
"status": "affected",
"version": "8.7.102.0"
},
{
"status": "affected",
"version": "8.2.130.0"
},
{
"status": "affected",
"version": "8.3.130.0"
},
{
"status": "affected",
"version": "8.2.110.0"
},
{
"status": "affected",
"version": "8.3.15.142"
},
{
"status": "affected",
"version": "8.3.111.0"
},
{
"status": "affected",
"version": "8.4.1.142"
},
{
"status": "affected",
"version": "8.6.1.71"
},
{
"status": "affected",
"version": "8.3.104.14"
},
{
"status": "affected",
"version": "8.8.125.0"
},
{
"status": "affected",
"version": "8.3.112.0"
},
{
"status": "affected",
"version": "8.2.151.0"
},
{
"status": "affected",
"version": "8.3.90.53"
},
{
"status": "affected",
"version": "8.3.102.0"
},
{
"status": "affected",
"version": "8.2.166.0"
},
{
"status": "affected",
"version": "8.2.164.0"
},
{
"status": "affected",
"version": "8.5.160.0"
},
{
"status": "affected",
"version": "8.3.15.165"
},
{
"status": "affected",
"version": "8.4.2.75"
},
{
"status": "affected",
"version": "8.3.90.58"
},
{
"status": "affected",
"version": "8.3.90.25"
},
{
"status": "affected",
"version": "8.2.141.0"
},
{
"status": "affected",
"version": "8.3.90.11"
},
{
"status": "affected",
"version": "8.3.15.169"
},
{
"status": "affected",
"version": "8.3.15.158"
},
{
"status": "affected",
"version": "8.3.15.25"
},
{
"status": "affected",
"version": "8.3.104.37"
},
{
"status": "affected",
"version": "8.4.1.91"
},
{
"status": "affected",
"version": "8.2.100.0"
},
{
"status": "affected",
"version": "8.2.121.0"
},
{
"status": "affected",
"version": "8.3.15.120"
},
{
"status": "affected",
"version": "8.3.15.118"
},
{
"status": "affected",
"version": "8.4.1.92"
},
{
"status": "affected",
"version": "8.3.200.200"
},
{
"status": "affected",
"version": "8.10.141.0"
},
{
"status": "affected",
"version": "8.10.142.0"
},
{
"status": "affected",
"version": "8.5.171.0"
},
{
"status": "affected",
"version": "8.10.150.0"
},
{
"status": "affected",
"version": "8.10.151.0"
},
{
"status": "affected",
"version": "8.5.164.0"
},
{
"status": "affected",
"version": "8.10.161.0"
},
{
"status": "affected",
"version": "8.10.162.0"
},
{
"status": "affected",
"version": "8.5.182.0"
},
{
"status": "affected",
"version": "8.10.171.0"
},
{
"status": "affected",
"version": "8.10.170.0"
},
{
"status": "affected",
"version": "8.10.180.0"
},
{
"status": "affected",
"version": "8.10.181.0"
},
{
"status": "affected",
"version": "8.10.182.0"
},
{
"status": "affected",
"version": "8.10.183.0"
},
{
"status": "affected",
"version": "8.10.185.0"
},
{
"status": "affected",
"version": "8.5.182.11 ME"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Aironet Access Point Software (IOS XE Controller)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "16.10.1s"
},
{
"status": "affected",
"version": "16.10.1"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "16.11.1b"
},
{
"status": "affected",
"version": "17.1.2"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.12.2t"
},
{
"status": "affected",
"version": "16.10.1e"
},
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.11.1c"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "16.12.3s"
},
{
"status": "affected",
"version": "16.12.1s"
},
{
"status": "affected",
"version": "16.12.1t"
},
{
"status": "affected",
"version": "16.12.2s"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1a"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "17.1.3"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "16.12.4a"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "16.12.6a"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "16.12.7"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "16.12.8"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.3.7"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.11.1"
},
{
"status": "affected",
"version": "17.6.6"
},
{
"status": "affected",
"version": "17.3.8"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.3.1.0"
},
{
"status": "affected",
"version": "10.0.1.0"
},
{
"status": "affected",
"version": "10.2.1.0"
},
{
"status": "affected",
"version": "10.1.1.0"
},
{
"status": "affected",
"version": "10.3.1.1"
},
{
"status": "affected",
"version": "10.4.1.0"
},
{
"status": "affected",
"version": "10.6.1.0"
},
{
"status": "affected",
"version": "10.1.2.0"
},
{
"status": "affected",
"version": "10.0.2.0"
},
{
"status": "affected",
"version": "10.7.1.0"
},
{
"status": "affected",
"version": "10.2.2.0"
},
{
"status": "affected",
"version": "0.0.0.0"
},
{
"status": "affected",
"version": "10.3.2.0"
},
{
"status": "affected",
"version": "10.4.2.0"
},
{
"status": "affected",
"version": "10.8.1.0"
},
{
"status": "affected",
"version": "10.5.2.0"
},
{
"status": "affected",
"version": "10.9.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device.\r\n\r\nThis vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T17:19:02.520Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ap-dos-capwap-DDMCZS4m",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m"
}
],
"source": {
"advisory": "cisco-sa-ap-dos-capwap-DDMCZS4m",
"defects": [
"CSCwe75371"
],
"discovery": "INTERNAL"
},
"title": "Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20268",
"datePublished": "2023-09-27T17:22:55.840Z",
"dateReserved": "2022-10-27T18:47:50.373Z",
"dateUpdated": "2024-12-12T17:19:02.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20003 (GCVE-0-2023-20003)
Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-25 15:58
Summary
A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication.
Severity ?
4.7 (Medium)
CWE
Assigner
References
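| URL | Tags |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ | vendor-advisory |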
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:34:30.280035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T15:58:19.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ"
}
],
"source": {
"advisory": "cisco-sa-cbw-auth-bypass-ggnAfdZ",
"defect": [
[
"CSCwd07949"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20003",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-25T15:58:19.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1547 (GCVE-0-2021-1547)
Vulnerability from nvd – Published: 2021-05-22 06:45 – Updated: 2024-11-08 21:15
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
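| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |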
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:11:17.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:06.991913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:15:51.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:45:22",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1547",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1547",
"datePublished": "2021-05-22T06:45:22.741067Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T21:15:51.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1548 (GCVE-0-2021-1548)
Vulnerability from nvd – Published: 2021-05-22 06:45 – Updated: 2024-11-08 21:18
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
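| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |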
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:11:17.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:12.284761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:18:50.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:45:18",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1548",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1548",
"datePublished": "2021-05-22T06:45:18.614578Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T21:18:50.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1549 (GCVE-0-2021-1549)
Vulnerability from nvd – Published: 2021-05-22 06:45 – Updated: 2024-11-08 21:19
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
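| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG | vendor-advisory, x_refsource_CISCO |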
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:11:17.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:14.165746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:19:07.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:45:14",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1549",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1549",
"datePublished": "2021-05-22T06:45:14.568881Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T21:19:07.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1555 (GCVE-0-2021-1555)
Vulnerability from nvd – Published: 2021-05-22 06:40 – Updated: 2024-11-08 21:20
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
| URL | Tags |
|---|---|
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:22.172588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:20:18.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:40:37",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1555",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1555",
"datePublished": "2021-05-22T06:40:37.495093Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T21:20:18.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1554 (GCVE-0-2021-1554)
Vulnerability from nvd – Published: 2021-05-22 06:40 – Updated: 2024-11-08 23:14
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
| URL | Tags |
|---|---|
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:27.572886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T23:14:34.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:40:33",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1554",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1554",
"datePublished": "2021-05-22T06:40:33.590544Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T23:14:34.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1553 (GCVE-0-2021-1553)
Vulnerability from nvd – Published: 2021-05-22 06:40 – Updated: 2024-11-08 23:14
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
| URL | Tags |
|---|---|
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:29.588722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T23:14:43.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:40:29",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1553",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1553",
"datePublished": "2021-05-22T06:40:29.787709Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T23:14:43.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1552 (GCVE-0-2021-1552)
Vulnerability from nvd – Published: 2021-05-22 06:40 – Updated: 2024-11-08 23:14
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
| URL | Tags |
|---|---|
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:42.636928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T23:14:52.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:40:25",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1552",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1552",
"datePublished": "2021-05-22T06:40:25.929047Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T23:14:52.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1551 (GCVE-0-2021-1551)
Vulnerability from nvd – Published: 2021-05-22 06:40 – Updated: 2024-11-08 23:15
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
Severity ?
4.7 (Medium)
CWE
Assigner
References
| URL | Tags |
|---|---|
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Business Wireless Access Point Software | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:42:45.908749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T23:15:01.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Business Wireless Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-22T06:40:22",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
],
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-19T16:00:00",
"ID": "CVE-2021-1551",
"STATE": "PUBLIC",
"TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Business Wireless Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210519 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG"
}
]
},
"source": {
"advisory": "cisco-sa-sb-wap-inject-Mp9FSdG",
"defect": [
[
"CSCvx46599"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1551",
"datePublished": "2021-05-22T06:40:22.215613Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T23:15:01.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}