CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-1437

A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2021-1437

Cisco » Aironet Access Point Software » Version: N/A

cpe:2.3:a:cisco:aironet_access_point_software:-
Cisco » Wireless Lan Controller Software » Version: Any

cpe:2.3:a:cisco:wireless_lan_controller_software:*
Cisco » 1100 Integrated Services Router » Version: N/A

cpe:2.3:h:cisco:1100_integrated_services_router:-
Cisco » Aironet 1540 » Version: N/A

cpe:2.3:h:cisco:aironet_1540:-
Cisco » Aironet 1560 » Version: N/A

cpe:2.3:h:cisco:aironet_1560:-
Cisco » Aironet 1800 » Version: N/A

cpe:2.3:h:cisco:aironet_1800:-
Cisco » Aironet 2800 » Version: N/A

cpe:2.3:h:cisco:aironet_2800:-
Cisco » Aironet 3800 » Version: N/A

cpe:2.3:h:cisco:aironet_3800:-
Cisco » Aironet 4800 » Version: N/A

cpe:2.3:h:cisco:aironet_4800:-
Cisco » Catalyst 9100 » Version: N/A

cpe:2.3:h:cisco:catalyst_9100:-
Cisco » Catalyst 9800 » Version: N/A

cpe:2.3:h:cisco:catalyst_9800:-
Cisco » Catalyst Iw6300 » Version: N/A

cpe:2.3:h:cisco:catalyst_iw6300:-
Cisco » Esw6300 » Version: N/A

cpe:2.3:h:cisco:esw6300:-
Cisco » Catalyst 9800 Firmware » Version: 17.1

cpe:2.3:o:cisco:catalyst_9800_firmware:17.1
Cisco » Catalyst 9800 Firmware » Version: 17.2

cpe:2.3:o:cisco:catalyst_9800_firmware:17.2
Cisco » Catalyst 9800 Firmware » Version: 17.3

cpe:2.3:o:cisco:catalyst_9800_firmware:17.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-1437

Products

Pricing

Contact Us