CVE-2021-1400 - Vulnerability Details - OpenCVE

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Cisco	Wap125 Wap125 Firmware Wap131 Wap131 Firmware Wap150 Wap150 Firmware Wap351 Wap351 Firmware Wap361 Wap361 Firmware Wap581 Wap581 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cisco:wap125_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:wap125:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:wap131_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:wap131:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:wap150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:wap150:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:wap351_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:wap351:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cisco:wap361_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:wap361:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:cisco:wap581_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:wap581:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://jvn.jp/en/jp/JVN71263107/index.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF

History

Sat, 09 Nov 2024 00:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-05-06T12:42:39.308636Z

Updated: 2024-11-08T23:18:03.507Z

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1400

Vulnrichment

Updated: 2024-08-03T16:11:17.383Z

NVD

Status : Modified

Published: 2021-05-06T13:15:09.983

Modified: 2024-11-21T05:44:16.120

Link: CVE-2021-1400

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco Business Wireless Access Point Software", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-05-05T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-14T04:06:11", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF"}, {"name": "JVN#71263107", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN71263107/index.html"}], "source": {"advisory": "cisco-sa-sb-wap-multi-ZAfKGXhF", "defect": [["CSCvw52139", "CSCvw52146", "CSCvw59995", "CSCvw59997", "CSCvw59999", "CSCvw60000"]], "discovery": "INTERNAL"}, "title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-05T16:00:00", "ID": "CVE-2021-1400", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Business Wireless Access Point Software", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."}], "impact": {"cvss": {"baseScore": "8.8", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269"}]}]}, "references": {"reference_data": [{"name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF"}, {"name": "JVN#71263107", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN71263107/index.html"}]}, "source": {"advisory": "cisco-sa-sb-wap-multi-ZAfKGXhF", "defect": [["CSCvw52139", "CSCvw52146", "CSCvw59995", "CSCvw59997", "CSCvw59999", "CSCvw60000"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:11:17.383Z"}, "title": "CVE Program Container", "references": [{"name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF"}, {"name": "JVN#71263107", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN71263107/index.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-08T20:17:25.333036Z", "id": "CVE-2021-1400", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T23:18:03.507Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1400", "datePublished": "2021-05-06T12:42:39.308636Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:18:03.507Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF", "name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}, {"url": "http://jvn.jp/en/jp/JVN71263107/index.html", "name": "JVN#71263107", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:11:17.383Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-1400", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-08T20:17:25.333036Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T20:36:29.812Z"}}], "cna": {"title": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "source": {"defect": [["CSCvw52139", "CSCvw52146", "CSCvw59995", "CSCvw59997", "CSCvw59999", "CSCvw60000"]], "advisory": "cisco-sa-sb-wap-multi-ZAfKGXhF", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Business Wireless Access Point Software", "versions": [{"status": "affected", "version": "n/a"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."}], "datePublic": "2021-05-05T00:00:00", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF", "name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"]}, {"url": "http://jvn.jp/en/jp/JVN71263107/index.html", "name": "JVN#71263107", "tags": ["third-party-advisory", "x_refsource_JVN"]}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2021-05-14T04:06:11"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "8.8", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, "source": {"defect": [["CSCvw52139", "CSCvw52146", "CSCvw59995", "CSCvw59997", "CSCvw59999", "CSCvw60000"]], "advisory": "cisco-sa-sb-wap-multi-ZAfKGXhF", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "Cisco Business Wireless Access Point Software"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF", "name": "20210505 Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "refsource": "CISCO"}, {"url": "http://jvn.jp/en/jp/JVN71263107/index.html", "name": "JVN#71263107", "refsource": "JVN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-1400", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-05T16:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2021-1400", "state": "PUBLISHED", "dateUpdated": "2024-11-08T23:18:03.507Z", "dateReserved": "2020-11-13T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2021-05-06T12:42:39.308636Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wap125_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA84E503-E035-44D6-8742-02953CFA6A70", "versionEndIncluding": "1.0.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wap125:-:*:*:*:*:*:*:*", "matchCriteriaId": "EECA8468-5D7D-46DD-A967-E7EDA5FE8D4C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wap131_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA272A22-8CDA-4F6A-B39F-40CF3FE25500", "versionEndIncluding": "1.0.2.17", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wap131:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B3B7126-28E1-42F8-98CF-0EC156BE68D7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wap150_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21FF39B7-E738-4892-9F94-12EE46E0323A", "versionEndIncluding": "1.1.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wap150:-:*:*:*:*:*:*:*", "matchCriteriaId": "CAB01CB7-C5BB-49D6-85A7-CECED514C7CC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wap351_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "75164093-946B-49B5-922E-EBBA56A9088A", "versionEndIncluding": "1.0.2.17", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wap351:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9917176-E908-4110-A641-FED1DFF41C43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wap361_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CCE33DA-DB97-4C04-BB34-3757FAF4592C", "versionEndIncluding": "1.1.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wap361:-:*:*:*:*:*:*:*", "matchCriteriaId": "49477A11-78C3-4EEA-899E-5E4623D38068", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wap581_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A274C297-CB27-460B-9177-F11326B31CB8", "versionEndIncluding": "1.0.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wap581:-:*:*:*:*:*:*:*", "matchCriteriaId": "C857E391-3C62-4F37-BD86-7184F79B89B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades en la interfaz de administraci\u00f3n basada en web de determinados Wireless Access Points de Cisco Small Business 100, 300, and 500 Series, podr\u00edan permitir a un atacante remoto autenticado conseguir informaci\u00f3n confidencial o inyectar comandos arbitrarios en un dispositivo afectado. Para mayor informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso"}], "id": "CVE-2021-1400", "lastModified": "2024-11-21T05:44:16.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-06T13:15:09.983", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory"], "url": "http://jvn.jp/en/jp/JVN71263107/index.html"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://jvn.jp/en/jp/JVN71263107/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}