CVE-2021-1419
Cisco Access Points SSH Management Privilege Escalation Vulnerability
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
23 Sep 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Cisco · Cisco Wireless LAN Controller (WLC)