cve-2021-1400
Vulnerability from cvelistv5
Published
2021-05-06 12:42
Modified
2024-09-16 19:14
Severity ?
EPSS score ?
Summary
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities
References
▼ | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://jvn.jp/en/jp/JVN71263107/index.html | Third Party Advisory | |
ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF | Vendor Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Business Wireless Access Point Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:17.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF" }, { "name": "JVN#71263107", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN71263107/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-14T04:06:11", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF" }, { "name": "JVN#71263107", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN71263107/index.html" } ], "source": { "advisory": "cisco-sa-sb-wap-multi-ZAfKGXhF", "defect": [ [ "CSCvw52139", "CSCvw52146", "CSCvw59995", "CSCvw59997", "CSCvw59999", "CSCvw60000" ] ], "discovery": "INTERNAL" }, "title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-05T16:00:00", "ID": "CVE-2021-1400", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Business Wireless Access Point Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-269" } ] } ] }, "references": { "reference_data": [ { "name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF" }, { "name": "JVN#71263107", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN71263107/index.html" } ] }, "source": { "advisory": "cisco-sa-sb-wap-multi-ZAfKGXhF", "defect": [ [ "CSCvw52139", "CSCvw52146", "CSCvw59995", "CSCvw59997", "CSCvw59999", "CSCvw60000" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1400", "datePublished": "2021-05-06T12:42:39.308636Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-09-16T19:14:20.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-1400\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2021-05-06T13:15:09.983\",\"lastModified\":\"2023-11-07T03:28:13.120\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades en la interfaz de administraci\u00f3n basada en web de determinados Wireless Access Points de Cisco Small Business 100, 300, and 500 Series, podr\u00edan permitir a un atacante remoto autenticado conseguir informaci\u00f3n confidencial o inyectar comandos arbitrarios en un dispositivo afectado.\u0026#xa0;Para mayor informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.5},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wap125_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.3.1\",\"matchCriteriaId\":\"FA84E503-E035-44D6-8742-02953CFA6A70\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:wap125:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EECA8468-5D7D-46DD-A967-E7EDA5FE8D4C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wap131_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.2.17\",\"matchCriteriaId\":\"AA272A22-8CDA-4F6A-B39F-40CF3FE25500\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:wap131:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B3B7126-28E1-42F8-98CF-0EC156BE68D7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wap150_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.1.2.4\",\"matchCriteriaId\":\"21FF39B7-E738-4892-9F94-12EE46E0323A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:wap150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAB01CB7-C5BB-49D6-85A7-CECED514C7CC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wap351_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.2.17\",\"matchCriteriaId\":\"75164093-946B-49B5-922E-EBBA56A9088A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:wap351:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9917176-E908-4110-A641-FED1DFF41C43\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wap361_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.1.2.4\",\"matchCriteriaId\":\"3CCE33DA-DB97-4C04-BB34-3757FAF4592C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:wap361:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49477A11-78C3-4EEA-899E-5E4623D38068\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wap581_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.3.1\",\"matchCriteriaId\":\"A274C297-CB27-460B-9177-F11326B31CB8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:wap581:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C857E391-3C62-4F37-BD86-7184F79B89B7\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN71263107/index.html\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.