[Japanese]

JVNDB-2021-000038

Multiple vulnerabilities in Cisco Small Business Series Wireless Access Points

Overview

Cisco Small Business Series Wireless Access Points provided by Cisco Systems, Inc. contain multiple vulnerabilities listed below.

*Improper access control (CWE-284) - CVE-2021-1400
*Command injection (CWE-78) - CVE-2021-1401

Shuto Imai of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 8.8 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 9.0 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
The above CVSS base scores have been assigned for CVE-2021-1400


CVSS V3 Severity:
Base Metrics: 5.5 (Medium) [JPCERT/CC Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 7.0 (Medium) [JPCERT/CC Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: Complete
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-1401
Affected Products


Cisco Systems, Inc.
  • WAP125 Wireless-AC Dual Band Desktop Access Point with PoE 1.0.3.1 and earlier
  • WAP131 Wireless-N Dual Radio Access Point with PoE 1.0.2.17 and earlier
  • WAP150 Wireless-AC/N Dual Radio Access Point with PoE 1.1.2.4 and earlier
  • WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch 1.0.2.17 and earlier
  • WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE 1.1.2.4 and earlier
  • WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 2.5GbE LAN 1.0.3.1 and earlier

The developer states that WAP131 Wireless-N Dual Radio Access Point with PoE and WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch are no longer supported (End-of-Life, EOL). For details, refer to the information provided by the developer.
Impact

The impacts may vary depending on the vulnerabilities, however, the followings are the possible impacts if an attacker who can access the affected device sends a specially crafted HTTP request to the administrative web interface of the device;

*Impersonate a user including an administrator - CVE-2021-1400
*An arbitrary command may be executed with the administrative privilege of the device - CVE-2021-1401
Solution

[Update the firmware]
Apply the appropriate firmware update according to the information provided by the developer.
Vendor Information

Cisco Systems, Inc.
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
  2. OS Command Injection(CWE-78) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2021-1400
  2. CVE-2021-1401
References

  1. JVN : JVN#71263107
  2. National Vulnerability Database (NVD) : CVE-2021-1400
  3. National Vulnerability Database (NVD) : CVE-2021-1401
Revision History

  • [2021/05/14]
      Web page was published