CVE-2021-1419: Cisco Access Points SSH Management Privilege Escalation Vulnerability
First published: Thu Sep 23 2021(Updated: )
A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Aironet 1542D | ||
| Cisco Aironet 1542D | ||
| Cisco Aironet 1562 firmware | ||
| Cisco Aironet 1562 firmware | ||
| Cisco Aironet 1815 Firmware | ||
| Cisco Aironet 1815 Firmware | ||
| Cisco Aironet 1830E Firmware | ||
| Cisco Aironet 1830E Firmware | ||
| Cisco Aironet 1840i Firmware | ||
| Cisco Aironet 1840i Firmware | ||
| Cisco Aironet 1850E Firmware | ||
| Cisco Aironet 1850e Access Point | ||
| Cisco Aironet 2800 Firmware | ||
| Cisco Aironet 2800 Firmware | ||
| Cisco Aironet 3800 Firmware | ||
| Cisco Aironet 3800P Firmware | ||
| Cisco Aironet 4800 Firmware | ||
| Cisco Aironet 4800 Firmware | ||
| Cisco Catalyst 9105 Firmware | ||
| Cisco Catalyst 9105 Firmware | ||
| Cisco Catalyst 9115 AP Firmware | ||
| Cisco Catalyst 9115 AP Firmware | ||
| Cisco Catalyst 9117 Firmware | ||
| Cisco Catalyst 9117AX | ||
| Cisco Catalyst 9120 Firmware | ||
| Cisco Catalyst 9120 Firmware | ||
| Cisco Catalyst 9124 Firmware | ||
| Cisco Catalyst 9124 Firmware | ||
| Cisco Catalyst 9130 Firmware | ||
| Cisco Catalyst 9130 Firmware | ||
| Cisco Catalyst IW6300 AC Firmware | ||
| Cisco Catalyst IW6300 | ||
| Cisco ESW-6300-CON-X-K9 Firmware | ||
| Cisco ESW6300 Firmware | ||
| Cisco 1100 Firmware | ||
| Cisco 1100 Series Integrated Services Router | ||
| Cisco 1120 Firmware | ||
| Cisco 1120 Firmware | ||
| Cisco 1160 Firmware | ||
| Cisco 1160 Integrated Services Router | ||
| Cisco Wireless LAN Controller (WLC) Software | >=8.10<8.10.151.0 | |
| Cisco Catalyst 9800-cl firmware | >=16.12<16.12.6 | |
| Cisco Catalyst 9800-cl firmware | >=17.3<17.3.3 | |
| Cisco Catalyst 9800-cl firmware | =17.4 | |
| Cisco Catalyst 9800-L | ||
| Cisco Aironet 1542i Firmware | ||
| Cisco Aironet 1542i Firmware | ||
| Cisco Catalyst 9800-CL | ||
| Cisco Catalyst 9800-40 | ||
| Cisco Catalyst 9800-80 | ||
| Cisco Aironet 1562E | ||
| Cisco Aironet 1562E Firmware | ||
| Cisco Aironet 1562 firmware | ||
| Cisco Aironet 1562 firmware | ||
| Cisco Aironet 1815 Firmware | ||
| Cisco Aironet 1815 Firmware | ||
| Cisco Aironet 1815 Firmware | ||
| Cisco Aironet 1815 Firmware | ||
| Cisco Aironet 1815 Firmware | ||
| Cisco Aironet 1815 Firmware | ||
| Cisco Aironet 1830i Firmware | ||
| Cisco Aironet 1830i Access Point | ||
| Cisco Aironet 1850i Firmware | ||
| Cisco Aironet 1850i Access Point | ||
| Cisco Aironet 2800e Firmware | ||
| Cisco Aironet 2800e Firmware | ||
| Cisco Aironet 3800 Firmware | ||
| Cisco Aironet 3800 Firmware | ||
| Cisco Aironet 3800 Firmware | ||
| Cisco Aironet 3800E Firmware | ||
| Cisco Catalyst 9105 Firmware | ||
| Cisco Catalyst 9105AX | ||
| Cisco Catalyst 9115AXI | ||
| Cisco Catalyst 9115AXI Firmware | ||
| Cisco Catalyst 9120 Access Point Firmware | ||
| Cisco Catalyst 9120 Firmware | ||
| Cisco Catalyst 9120 Access Point Firmware | ||
| Cisco Catalyst 9120 Firmware | ||
| Cisco Catalyst 9124 Firmware | ||
| Cisco Catalyst 9124 Firmware | ||
| Cisco Catalyst 9130 Firmware | ||
| Cisco Catalyst 9130 Firmware | ||
| Cisco Catalyst IW6300 DC Firmware | ||
| Cisco Catalyst IW6300 | ||
| Cisco Catalyst IW6300 DCW Firmware | ||
| Cisco Catalyst IW6300 |
Remedy
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-ap-LLjsGxv
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-1419?
CVE-2021-1419 is classified as a high severity vulnerability.
How do I fix CVE-2021-1419?
To mitigate CVE-2021-1419, it is recommended to update affected Cisco Access Points to the latest firmware version.
What devices are affected by CVE-2021-1419?
The affected devices include various Cisco Access Points like Aironet 1542D, 1562, 1815M, and others.
What is the impact of CVE-2021-1419?
CVE-2021-1419 allows a local, authenticated user to modify files on the device and potentially escalate their privileges.
Is CVE-2021-1419 exploitable remotely?
No, CVE-2021-1419 is a local vulnerability and requires authentication to exploit.
- agent/type
- agent/remedy
- agent/weakness
- agent/references
- agent/description
- agent/title
- agent/severity
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/author
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/cisco
- canonical/cisco aironet 1542d
- canonical/cisco aironet 1562 firmware
- canonical/cisco aironet 1815 firmware
- canonical/cisco aironet 1830e firmware
- canonical/cisco aironet 1840i firmware
- canonical/cisco aironet 1850e firmware
- canonical/cisco aironet 1850e access point
- canonical/cisco aironet 2800 firmware
- canonical/cisco aironet 3800 firmware
- canonical/cisco aironet 3800p firmware
- canonical/cisco aironet 4800 firmware
- canonical/cisco catalyst 9105 firmware
- canonical/cisco catalyst 9115 ap firmware
- canonical/cisco catalyst 9117 firmware
- canonical/cisco catalyst 9117ax
- canonical/cisco catalyst 9120 firmware
- canonical/cisco catalyst 9124 firmware
- canonical/cisco catalyst 9130 firmware
- canonical/cisco catalyst iw6300 ac firmware
- canonical/cisco catalyst iw6300
- canonical/cisco esw-6300-con-x-k9 firmware
- canonical/cisco esw6300 firmware
- canonical/cisco 1100 firmware
- canonical/cisco 1100 series integrated services router
- canonical/cisco 1120 firmware
- canonical/cisco 1160 firmware
- canonical/cisco 1160 integrated services router
- canonical/cisco wireless lan controller (wlc) software
- version/cisco wireless lan controller (wlc) software/8.10
- canonical/cisco catalyst 9800-cl firmware
- version/cisco catalyst 9800-cl firmware/16.12
- version/cisco catalyst 9800-cl firmware/17.3
- version/cisco catalyst 9800-cl firmware/17.4
- canonical/cisco catalyst 9800-l
- canonical/cisco aironet 1542i firmware
- canonical/cisco catalyst 9800-cl
- canonical/cisco catalyst 9800-40
- canonical/cisco catalyst 9800-80
- canonical/cisco aironet 1562e
- canonical/cisco aironet 1562e firmware
- canonical/cisco aironet 1830i firmware
- canonical/cisco aironet 1830i access point
- canonical/cisco aironet 1850i firmware
- canonical/cisco aironet 1850i access point
- canonical/cisco aironet 2800e firmware
- canonical/cisco aironet 3800e firmware
- canonical/cisco catalyst 9105ax
- canonical/cisco catalyst 9115axi
- canonical/cisco catalyst 9115axi firmware
- canonical/cisco catalyst 9120 access point firmware
- canonical/cisco catalyst iw6300 dc firmware
- canonical/cisco catalyst iw6300 dcw firmware