Rewterz

Rewterz Threat Advisory – CVE-2019-1726 – Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability

May 20, 2021
Rewterz

Rewterz Threat Alert – The BazarCall Method BazarLoader Malware Uses – Active IOCs

May 21, 2021

Rewterz Threat Advisory – Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-1547, CVE-2021-1548, CVE-2021-1549

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system.

Impact

  • Unauthorized Access
  • Command Injection

Affected Vendors

Cisco

Affected Products

  • Cisco Small Business 100 Series Wireless Access Point
  • Cisco Small Business 200 Series Wireless Access Point
  • Cisco Small Business 300 Series Wireless Access Point

Remediation

Refer to Cisco Advisory for the complete list of affected products and their respective patches.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.