Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1777.3
Cisco Small Business 100, 300, and 500 Series Wireless
Access Points Command Injection Vulnerabilities
4 August 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco Small Business Wireless Access Points
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Root Compromise -- Existing Account
Execute Arbitrary Code/Commands -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-1555 CVE-2021-1554 CVE-2021-1553
CVE-2021-1552 CVE-2021-1551 CVE-2021-1550
CVE-2021-1549 CVE-2021-1548 CVE-2021-1547
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG
Revision History: August 4 2021: Vendor added new BugID and updated vulnerable and fixed products
May 21 2021: Minor revision to product title
May 21 2021: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command
Injection Vulnerabilities
Priority: Medium
Advisory ID: cisco-sa-sb-wap-inject-Mp9FSdG
First Published: 2021 May 19 16:00 GMT
Last Updated: 2021 August 3 15:59 GMT
Version 1.1: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvx46599 CSCvy89107
CVE Names: CVE-2021-1547 CVE-2021-1548 CVE-2021-1549 CVE-2021-1550
CVE-2021-1551 CVE-2021-1552 CVE-2021-1553 CVE-2021-1554
CVE-2021-1555
CWEs: CWE-77
Summary
o Multiple vulnerabilities in the web-based management interface of certain
Cisco Small Business 100, 300, and 500 Series Wireless Access Points could
allow an authenticated, remote attacker to perform command injection
attacks against an affected device.
These vulnerabilities are due to improper validation of user-supplied
input. An attacker could exploit these vulnerabilities by sending crafted
HTTP requests to the web-based management interface of an affected system.
A successful exploit could allow the attacker to execute arbitrary commands
with root privileges on the device. To exploit these vulnerabilities, the
attacker must have valid administrative credentials for the device.
Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG
Affected Products
o Vulnerable Products
At the time of publication, these vulnerabilities affected the following
Cisco Small Business 100, 300, and 500 Series Wireless Access Points and
firmware releases:
Cisco Product Vulnerable
Releases
WAP121 Wireless-N Access Point with Single Point Setup ^1 1.0.6.8 and
earlier
WAP125 Wireless-AC Dual Band Desktop Access Point with 1.0.3.1 and
PoE earlier
WAP131 Wireless-N Dual Radio Access Point with PoE ^1 1.0.2.17 and
earlier
WAP150 Wireless-AC/N Dual Radio Access Point with PoE 1.1.2.4 and
earlier
WAP321 Wireless-N Access Point with Single Point Setup ^1 1.0.6.7 and
earlier
WAP351 Wireless-N Dual Radio Access Point with 5-Port 1.0.2.17 and
Switch ^1 earlier
WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point 1.1.2.4 and
with PoE earlier
WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 1.0.3.1 and
2.5GbE LAN earlier
^ 1 Cisco WAP121 Wireless-N Dual Radio Access Points with PoE, Cisco WAP131
Wireless-N Dual Radio Access Points with PoE, Cisco WAP321 Wireless-N
Access Point with Single Point Setup and Cisco WAP351 Wireless-N Dual Radio
Access Points with 5-Port Switch have entered the end-of-life process. For
more details, see the Fixed Software section of this advisory.
See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by these vulnerabilities.
Workarounds
o There are no workarounds that address these vulnerabilities.
Fixed Software
o When considering software upgrades , customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page , to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Fixed Releases
At the time of publication, the release information in the following table
(s) was accurate. See the Details section in the bug ID(s) at the top of
this advisory for the most complete and current information.
The left column lists Cisco software releases, and the right column
indicates whether a release was affected by the vulnerabilities described
in this advisory and which release included the fix for these
vulnerabilities.
Cisco Product First Fixed
Release
WAP125 Wireless-AC Dual Band Desktop Access Point with 1.0.4.3
PoE
WAP150 Wireless-AC/N Dual Radio Access Point with PoE 1.1.3.2
WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point 1.1.3.2
with PoE
WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 1.0.4.4
2.5GbE LAN
WAP 121, WAP131, WAP321 and WAP351 Access Points
Cisco has not released and will not release firmware updates for Cisco
WAP121 Wireless-N Access Point with Single Point Setup, Cisco WAP131
Wireless-N Dual Radio Access Point with PoE, Cisco WAP321 Wireless-N Access
Point with Single Point Setup and Cisco WAP351 Wireless-N Dual Radio Access
Point with 5-Port Switch to address the vulnerabilities described in this
advisory. These products have entered the end-of-life process. Customers
are advised to refer to the end-of-life notices for these products:
End-of-Sale and End-of-Life Announcement for the Cisco WAP121 Wireless-N
Access Point with Single Point Setup
End-of-Sale and End-of-Life Announcement for the Cisco WAP131 Wireless-N
Dual Radio Access Point with PoE
End-of-Sale and End-of-Life Announcement for the Cisco WAP321 Wireless-N
Access Point with Single Point Setup
End-of-Sale and End-of-Life Announcement for the Cisco WAP351 Wireless-N
Dual Radio Access Point with 5-Port Switch
Customers are encouraged to migrate to the Cisco Small Business 100, 300,
and 500 Series Wireless Access Points suggested in each of the end-of-life
notices.
When considering a device migration, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page , to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that new access point will be
sufficient for their network needs, contains sufficient memory, and current
hardware and software configurations will continue to be supported properly
by the new product. If the information is not clear, customers are advised
to contact the Cisco Technical Assistance Center (TAC) or their contracted
maintenance providers.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any malicious use of the vulnerabilities that are described in this
advisory.
Source
o Cisco would like to thank the KrCERT/CC Vulnerability Analysis Team for
reporting these vulnerabilities.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy . This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG
Revision History
o +---------+---------------+------------------------+--------+-------------+
| Version | Description | Section | Status | Date |
+---------+---------------+------------------------+--------+-------------+
| | Updated | Vulnerable Products | | |
| 1.1 | vulnerable | and Fixed releases | Final | 2021-AUG-03 |
| | products. | footnote. | | |
+---------+---------------+------------------------+--------+-------------+
| | Initial | | | |
| 1.0 | public | - | Final | 2021-MAY-19 |
| | release. | | | |
+---------+---------------+------------------------+--------+-------------+
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYQnP9eNLKJtyKPYoAQjErRAAkeZ8uBBWq7a5KlENWG6C2GXiPbH92w5a
TS+dqSM04B6SKsiSZk/crmSlc91UdyOZPicvhTsVw6ylhE/8QLHMBFW0DaQcmpvx
J/7krqCp5vqePr90Ozgv9R5HXj2BycVi/6bhVonmplJkUsdRg4QXJesRM+r8gv83
t/LKMyQi5KRw3F0yj8FbAutx34s5Nmw6tE9WB/2wQq3PhxAD3qvLE7jIveYH20ZM
Sq1SocCdubpV5QsfFwcVLHvsYw6CJx3VWR9GKc7cZ0pALqG2O8VUxtw1I7K0ZnNU
5/6FCl5nuTlSFsDrsrDKQauwk2xS+9C1T6HQ3UR5DlsopyQeAPuaKMMFHzfVTfTZ
KyO+4q9HDrqb+y29L0mb+C3XFSRlZMyfUS3g3AMzb8GYXeUy2RU6ad6IBsTJf5BT
P0bUdCaC1uSL8yGiB4jG/3uxC9UdVsvNosLmC+ezvhXPZ4MdyP8ttaStJ0WTHkev
txtYPnJ1Fp45BvQXqi3Z+oySi93oVuqImfEvpAipQOad4QRp24h37uY1pmoHHUQD
pa+7i5GOm5Z3975FJfsdR/zh8Ws7n38mvJkwpNqJssFxbTdNl47XqWZXHLbjk3xy
RaD4RBZYgrAZfTKNDI9zwRyXY40jmi4rjg0/FCM5+JRoAkG3LL5+nqYXK014dJG8
V0Yd1pWfBxI=
=MVI4
-----END PGP SIGNATURE-----