CVE-2021-1437: Cisco Aironet Access Points FlexConnect Upgrade Information Disclosure Vulnerability
First published: Wed Mar 24 2021(Updated: )
A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP).
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Access Point Software | ||
| Cisco 1100 Integrated Services Router | ||
| Cisco Aironet 1540 | ||
| Cisco Aironet 1560 | ||
| Cisco Aironet 1800 | ||
| Cisco Aironet 2800 | ||
| Cisco Aironet 3800 | ||
| Cisco Aironet 4800 | ||
| Cisco Catalyst 9100 | ||
| Cisco Catalyst Iw6300 | ||
| Cisco Esw6300 | ||
| Cisco Catalyst 9800 Firmware | >=17.1<17.3.3 | |
| Cisco Catalyst 9800 Series Routers | ||
| Cisco Wireless LAN Controller Software | >=8.10.112.0<8.10.142.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-1437.
What is the severity of CVE-2021-1437?
The severity of CVE-2021-1437 is high with a CVSS score of 7.5.
What is affected by CVE-2021-1437?
Cisco Aironet Series Access Points Software is affected by CVE-2021-1437.
How does CVE-2021-1437 impact the affected device?
CVE-2021-1437 allows an unauthenticated, remote attacker to obtain confidential information from the affected device.
Is there a fix available for CVE-2021-1437?
Yes, Cisco has released a software update to address the vulnerability.
- agent/type
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/severity
- agent/title
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco access point software
- canonical/cisco 1100 integrated services router
- canonical/cisco aironet 1540
- canonical/cisco aironet 1560
- canonical/cisco aironet 1800
- canonical/cisco aironet 2800
- canonical/cisco aironet 3800
- canonical/cisco aironet 4800
- canonical/cisco catalyst 9100
- canonical/cisco catalyst iw6300
- canonical/cisco esw6300
- canonical/cisco catalyst 9800 firmware
- version/cisco catalyst 9800 firmware/17.1
- canonical/cisco catalyst 9800 series routers
- canonical/cisco wireless lan controller software
- version/cisco wireless lan controller software/8.10.112.0