Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-1419

A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.8, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 84 products from cisco, from cisco, from cisco and 81 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2021, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2021-09-23T03:15:07.697

Last Modified

2024-11-21T05:44:19.193

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-284
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	aironet_1542d_firmware	-	Yes
Hardware	cisco	aironet_1542d	-	No
Operating System	cisco	aironet_1562d_firmware	-	Yes
Hardware	cisco	aironet_1562d	-	No
Operating System	cisco	aironet_1815m_firmware	-	Yes
Hardware	cisco	aironet_1815m	-	No
Operating System	cisco	aironet_1830e_firmware	-	Yes
Hardware	cisco	aironet_1830e	-	No
Operating System	cisco	aironet_1840i_firmware	-	Yes
Hardware	cisco	aironet_1840i	-	No
Operating System	cisco	aironet_1850e_firmware	-	Yes
Hardware	cisco	aironet_1850e	-	No
Operating System	cisco	aironet_2800i_firmware	-	Yes
Hardware	cisco	aironet_2800i	-	No
Operating System	cisco	aironet_3800p_firmware	-	Yes
Hardware	cisco	aironet_3800p	-	No
Operating System	cisco	aironet_4800_firmware	-	Yes
Hardware	cisco	aironet_4800	-	No
Operating System	cisco	catalyst_9105axi_firmware	-	Yes
Hardware	cisco	catalyst_9105axi	-	No
Operating System	cisco	catalyst_9115axe_firmware	-	Yes
Hardware	cisco	catalyst_9115axe	-	No
Operating System	cisco	catalyst_9117_firmware	-	Yes
Hardware	cisco	catalyst_9117axi	-	No
Operating System	cisco	catalyst_9120axi_firmware	-	Yes
Hardware	cisco	catalyst_9120axi	-	No
Operating System	cisco	catalyst_9124axd_firmware	-	Yes
Hardware	cisco	catalyst_9124axd	-	No
Operating System	cisco	catalyst_9130axe_firmware	-	Yes
Hardware	cisco	catalyst_9130axe	-	No
Operating System	cisco	catalyst_iw6300_ac_firmware	-	Yes
Hardware	cisco	catalyst_iw6300_ac	-	No
Operating System	cisco	esw6300_firmware	-	Yes
Hardware	cisco	esw6300	-	No
Operating System	cisco	1100-8p_firmware	-	Yes
Hardware	cisco	1100-8p	-	No
Operating System	cisco	1120_firmware	-	Yes
Hardware	cisco	1120	-	No
Operating System	cisco	1160_firmware	-	Yes
Hardware	cisco	1160_integrated_services_router	-	No
Application	cisco	wireless_lan_controller_software	< 8.10.151.0	Yes
Operating System	cisco	catalyst_9800_firmware	< 16.12.6	Yes
Operating System	cisco	catalyst_9800_firmware	< 17.3.3	Yes
Operating System	cisco	catalyst_9800_firmware	17.4	Yes
Hardware	cisco	catalyst_9800-l	-	No
Operating System	cisco	aironet_1542i_firmware	-	Yes
Hardware	cisco	aironet_1542i	-	No
Operating System	cisco	catalyst_9800_firmware	< 16.12.6	Yes
Operating System	cisco	catalyst_9800_firmware	< 17.3.3	Yes
Operating System	cisco	catalyst_9800_firmware	17.4	Yes
Hardware	cisco	catalyst_9800-cl	-	No
Operating System	cisco	catalyst_9800_firmware	< 16.12.6	Yes
Operating System	cisco	catalyst_9800_firmware	< 17.3.3	Yes
Operating System	cisco	catalyst_9800_firmware	17.4	Yes
Hardware	cisco	catalyst_9800-40	-	No
Operating System	cisco	catalyst_9800_firmware	< 16.12.6	Yes
Operating System	cisco	catalyst_9800_firmware	< 17.3.3	Yes
Operating System	cisco	catalyst_9800_firmware	17.4	Yes
Hardware	cisco	catalyst_9800-80	-	No
Operating System	cisco	aironet_1562e_firmware	-	Yes
Hardware	cisco	aironet_1562e	-	No
Operating System	cisco	aironet_1562i_firmware	-	Yes
Hardware	cisco	aironet_1562i	-	No
Operating System	cisco	aironet_1815w_firmware	-	Yes
Hardware	cisco	aironet_1815w	-	No
Operating System	cisco	aironet_1815t_firmware	-	Yes
Hardware	cisco	aironet_1815t	-	No
Operating System	cisco	aironet_1815i_firmware	-	Yes
Hardware	cisco	aironet_1815i	-	No
Operating System	cisco	aironet_1830i_firmware	-	Yes
Hardware	cisco	aironet_1830i	-	No
Operating System	cisco	aironet_1850i_firmware	-	Yes
Hardware	cisco	aironet_1850i	-	No
Operating System	cisco	aironet_2800e_firmware	-	Yes
Hardware	cisco	aironet_2800e	-	No
Operating System	cisco	aironet_3800i_firmware	-	Yes
Hardware	cisco	aironet_3800i	-	No
Operating System	cisco	aironet_3800e_firmware	-	Yes
Hardware	cisco	aironet_3800e	-	No
Operating System	cisco	catalyst_9105axw_firmware	-	Yes
Hardware	cisco	catalyst_9105axw	-	No
Operating System	cisco	catalyst_9115axi_firmware	-	Yes
Hardware	cisco	catalyst_9115axi	-	No
Operating System	cisco	catalyst_9120axp_firmware	-	Yes
Hardware	cisco	catalyst_9120axp	-	No
Operating System	cisco	catalyst_9120axe_firmware	-	Yes
Hardware	cisco	catalyst_9120axe	-	No
Operating System	cisco	catalyst_9124axi_firmware	-	Yes
Hardware	cisco	catalyst_9124axi	-	No
Operating System	cisco	catalyst_9130axi_firmware	-	Yes
Hardware	cisco	catalyst_9130axi	-	No
Operating System	cisco	catalyst_iw6300_dc_firmware	-	Yes
Hardware	cisco	catalyst_iw6300_dc	-	No
Operating System	cisco	catalyst_iw6300_dcw_firmware	-	Yes
Hardware	cisco	catalyst_iw6300_dcw	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-ap-LLjsGxv Patch, Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-ap-LLjsGxv Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For cisco's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.