7.8
HIGH
CVE-2021-1419
Cisco Access Points SSH File Modification Privilege Escalation Vulnerability
Description

A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user.

INFO

Published Date :

Sept. 23, 2021, 3:15 a.m.

Last Modified :

Nov. 7, 2023, 3:28 a.m.

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
Affected Products

The following products are affected by CVE-2021-1419 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Cisco aironet_1542i_firmware
2 Cisco aironet_1542d_firmware
3 Cisco aironet_1562i_firmware
4 Cisco aironet_1562e_firmware
5 Cisco aironet_1562d_firmware
6 Cisco aironet_2800i_firmware
7 Cisco aironet_2800e_firmware
8 Cisco aironet_3800i_firmware
9 Cisco aironet_3800e_firmware
10 Cisco aironet_3800p_firmware
11 Cisco aironet_4800_firmware
12 Cisco wireless_lan_controller_software
13 Cisco aironet_1815m_firmware
14 Cisco aironet_1830e_firmware
15 Cisco aironet_1840i_firmware
16 Cisco aironet_1850e_firmware
17 Cisco catalyst_9105axi_firmware
18 Cisco catalyst_9115axe_firmware
19 Cisco catalyst_9117_firmware
20 Cisco catalyst_9120axi_firmware
21 Cisco catalyst_9124axd_firmware
22 Cisco catalyst_9130axe_firmware
23 Cisco catalyst_iw6300_ac_firmware
24 Cisco esw6300_firmware
25 Cisco 1100-8p_firmware
26 Cisco 1120_firmware
27 Cisco 1160_firmware
28 Cisco catalyst_9800_firmware
29 Cisco aironet_1815w_firmware
30 Cisco aironet_1815t_firmware
31 Cisco aironet_1815i_firmware
32 Cisco aironet_1830i_firmware
33 Cisco aironet_1850i_firmware
34 Cisco catalyst_9105axw_firmware
35 Cisco catalyst_9115axi_firmware
36 Cisco catalyst_9120axp_firmware
37 Cisco catalyst_9120axe_firmware
38 Cisco catalyst_9124axi_firmware
39 Cisco catalyst_9130axi_firmware
40 Cisco catalyst_iw6300_dc_firmware
41 Cisco catalyst_iw6300_dcw_firmware
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-1419.

URL Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-ap-LLjsGxv Patch Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-1419 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-1419 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Removed CVSS V3 Cisco Systems, Inc. AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CVSS V3.1 Cisco Systems, Inc. AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Reanalysis by [email protected]

    Oct. 03, 2023

    Action Type Old Value New Value
    Changed CPE Configuration AND OR *cpe:2.3:o:cisco:esw-6300_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:esw-6300:-:*:*:*:*:*:*:* AND OR *cpe:2.3:o:cisco:esw6300_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:esw6300:-:*:*:*:*:*:*:*
    Changed CPE Configuration AND OR *cpe:2.3:o:cisco:1160_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:1160:-:*:*:*:*:*:*:* AND OR *cpe:2.3:o:cisco:1160_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:*
  • Reanalysis by [email protected]

    Jul. 08, 2022

    Action Type Old Value New Value
    Removed CWE NIST CWE-269
    Added CWE NIST NVD-CWE-Other
  • Initial Analysis by [email protected]

    Sep. 30, 2021

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-ap-LLjsGxv No Types Assigned https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-ap-LLjsGxv Patch, Vendor Advisory
    Added CWE NIST CWE-269
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_1542d_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_1562d_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_1815m_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_1815m:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_1830e_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_1830e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_1840i_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_1840i:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_1850e_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_2800i_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_3800p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_4800_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9105axi_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9105axi:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9115axe_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9115axe:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9117_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9117axi:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9120axi_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9120axi:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9124axd_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9124axd:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9130axe_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9130axe:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_iw6300_ac_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_iw6300_ac:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:esw-6300_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:esw-6300:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:1100-8p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:1100-8p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:1120_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:1120:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:1160_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:1160:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:* versions from (including) 8.10 up to (excluding) 8.10.151.0
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9800_firmware:*:*:*:*:*:*:*:* versions from (including) 16.12 up to (excluding) 16.12.6 *cpe:2.3:o:cisco:catalyst_9800_firmware:*:*:*:*:*:*:*:* versions from (including) 17.3 up to (excluding) 17.3.3 *cpe:2.3:o:cisco:catalyst_9800_firmware:17.4:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_1542i_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9800_firmware:*:*:*:*:*:*:*:* versions from (including) 16.12 up to (excluding) 16.12.6 *cpe:2.3:o:cisco:catalyst_9800_firmware:*:*:*:*:*:*:*:* versions from (including) 17.3 up to (excluding) 17.3.3 *cpe:2.3:o:cisco:catalyst_9800_firmware:17.4:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9800_firmware:*:*:*:*:*:*:*:* versions from (including) 16.12 up to (excluding) 16.12.6 *cpe:2.3:o:cisco:catalyst_9800_firmware:*:*:*:*:*:*:*:* versions from (including) 17.3 up to (excluding) 17.3.3 *cpe:2.3:o:cisco:catalyst_9800_firmware:17.4:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9800_firmware:*:*:*:*:*:*:*:* versions from (including) 16.12 up to (excluding) 16.12.6 *cpe:2.3:o:cisco:catalyst_9800_firmware:*:*:*:*:*:*:*:* versions from (including) 17.3 up to (excluding) 17.3.3 *cpe:2.3:o:cisco:catalyst_9800_firmware:17.4:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_1562e_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_1562i_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_1815w_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_1815w:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_1815t_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_1815t:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_1815i_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_1815i:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_1830i_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_1830i:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_1850i_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_2800e_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_3800i_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:aironet_3800e_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9105axw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9105axw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9115axi_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9115axi:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9120axp_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9120axp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9120axe_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9120axe:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9124axi_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9124axi:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_9130axi_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9130axi:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_iw6300_dc_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_iw6300_dc:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:catalyst_iw6300_dcw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_iw6300_dcw:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-1419 is associated with the following CWEs:

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.05635

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability