Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1777.3 Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities 4 August 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cisco Small Business Wireless Access Points Publisher: Cisco Systems Operating System: Cisco Impact/Access: Root Compromise -- Existing Account Execute Arbitrary Code/Commands -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-1555 CVE-2021-1554 CVE-2021-1553 CVE-2021-1552 CVE-2021-1551 CVE-2021-1550 CVE-2021-1549 CVE-2021-1548 CVE-2021-1547 Original Bulletin: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG Revision History: August 4 2021: Vendor added new BugID and updated vulnerable and fixed products May 21 2021: Minor revision to product title May 21 2021: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities Priority: Medium Advisory ID: cisco-sa-sb-wap-inject-Mp9FSdG First Published: 2021 May 19 16:00 GMT Last Updated: 2021 August 3 15:59 GMT Version 1.1: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvx46599 CSCvy89107 CVE Names: CVE-2021-1547 CVE-2021-1548 CVE-2021-1549 CVE-2021-1550 CVE-2021-1551 CVE-2021-1552 CVE-2021-1553 CVE-2021-1554 CVE-2021-1555 CWEs: CWE-77 Summary o Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG Affected Products o Vulnerable Products At the time of publication, these vulnerabilities affected the following Cisco Small Business 100, 300, and 500 Series Wireless Access Points and firmware releases: Cisco Product Vulnerable Releases WAP121 Wireless-N Access Point with Single Point Setup ^1 1.0.6.8 and earlier WAP125 Wireless-AC Dual Band Desktop Access Point with 1.0.3.1 and PoE earlier WAP131 Wireless-N Dual Radio Access Point with PoE ^1 1.0.2.17 and earlier WAP150 Wireless-AC/N Dual Radio Access Point with PoE 1.1.2.4 and earlier WAP321 Wireless-N Access Point with Single Point Setup ^1 1.0.6.7 and earlier WAP351 Wireless-N Dual Radio Access Point with 5-Port 1.0.2.17 and Switch ^1 earlier WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point 1.1.2.4 and with PoE earlier WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 1.0.3.1 and 2.5GbE LAN earlier ^ 1 Cisco WAP121 Wireless-N Dual Radio Access Points with PoE, Cisco WAP131 Wireless-N Dual Radio Access Points with PoE, Cisco WAP321 Wireless-N Access Point with Single Point Setup and Cisco WAP351 Wireless-N Dual Radio Access Points with 5-Port Switch have entered the end-of-life process. For more details, see the Fixed Software section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by these vulnerabilities. Workarounds o There are no workarounds that address these vulnerabilities. Fixed Software o When considering software upgrades , customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page , to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Fixed Releases At the time of publication, the release information in the following table (s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerabilities described in this advisory and which release included the fix for these vulnerabilities. Cisco Product First Fixed Release WAP125 Wireless-AC Dual Band Desktop Access Point with 1.0.4.3 PoE WAP150 Wireless-AC/N Dual Radio Access Point with PoE 1.1.3.2 WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point 1.1.3.2 with PoE WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 1.0.4.4 2.5GbE LAN WAP 121, WAP131, WAP321 and WAP351 Access Points Cisco has not released and will not release firmware updates for Cisco WAP121 Wireless-N Access Point with Single Point Setup, Cisco WAP131 Wireless-N Dual Radio Access Point with PoE, Cisco WAP321 Wireless-N Access Point with Single Point Setup and Cisco WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch to address the vulnerabilities described in this advisory. These products have entered the end-of-life process. Customers are advised to refer to the end-of-life notices for these products: End-of-Sale and End-of-Life Announcement for the Cisco WAP121 Wireless-N Access Point with Single Point Setup End-of-Sale and End-of-Life Announcement for the Cisco WAP131 Wireless-N Dual Radio Access Point with PoE End-of-Sale and End-of-Life Announcement for the Cisco WAP321 Wireless-N Access Point with Single Point Setup End-of-Sale and End-of-Life Announcement for the Cisco WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch Customers are encouraged to migrate to the Cisco Small Business 100, 300, and 500 Series Wireless Access Points suggested in each of the end-of-life notices. When considering a device migration, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page , to determine exposure and a complete upgrade solution. In all cases, customers should ensure that new access point will be sufficient for their network needs, contains sufficient memory, and current hardware and software configurations will continue to be supported properly by the new product. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Exploitation and Public Announcements o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory. Source o Cisco would like to thank the KrCERT/CC Vulnerability Analysis Team for reporting these vulnerabilities. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy . This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. URL o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG Revision History o +---------+---------------+------------------------+--------+-------------+ | Version | Description | Section | Status | Date | +---------+---------------+------------------------+--------+-------------+ | | Updated | Vulnerable Products | | | | 1.1 | vulnerable | and Fixed releases | Final | 2021-AUG-03 | | | products. | footnote. | | | +---------+---------------+------------------------+--------+-------------+ | | Initial | | | | | 1.0 | public | - | Final | 2021-MAY-19 | | | release. | | | | +---------+---------------+------------------------+--------+-------------+ - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYQnP9eNLKJtyKPYoAQjErRAAkeZ8uBBWq7a5KlENWG6C2GXiPbH92w5a TS+dqSM04B6SKsiSZk/crmSlc91UdyOZPicvhTsVw6ylhE/8QLHMBFW0DaQcmpvx J/7krqCp5vqePr90Ozgv9R5HXj2BycVi/6bhVonmplJkUsdRg4QXJesRM+r8gv83 t/LKMyQi5KRw3F0yj8FbAutx34s5Nmw6tE9WB/2wQq3PhxAD3qvLE7jIveYH20ZM Sq1SocCdubpV5QsfFwcVLHvsYw6CJx3VWR9GKc7cZ0pALqG2O8VUxtw1I7K0ZnNU 5/6FCl5nuTlSFsDrsrDKQauwk2xS+9C1T6HQ3UR5DlsopyQeAPuaKMMFHzfVTfTZ KyO+4q9HDrqb+y29L0mb+C3XFSRlZMyfUS3g3AMzb8GYXeUy2RU6ad6IBsTJf5BT P0bUdCaC1uSL8yGiB4jG/3uxC9UdVsvNosLmC+ezvhXPZ4MdyP8ttaStJ0WTHkev txtYPnJ1Fp45BvQXqi3Z+oySi93oVuqImfEvpAipQOad4QRp24h37uY1pmoHHUQD pa+7i5GOm5Z3975FJfsdR/zh8Ws7n38mvJkwpNqJssFxbTdNl47XqWZXHLbjk3xy RaD4RBZYgrAZfTKNDI9zwRyXY40jmi4rjg0/FCM5+JRoAkG3LL5+nqYXK014dJG8 V0Yd1pWfBxI= =MVI4 -----END PGP SIGNATURE-----