Rewterz Threat Alert – LokiBot – Active IOCs
May 20, 2021Rewterz Threat Advisory – Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
May 20, 2021Rewterz Threat Alert – LokiBot – Active IOCs
May 20, 2021Rewterz Threat Advisory – Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
May 20, 2021Severity
Medium
Analysis Summary
CVE-2019-1726
The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability.
Impact
Access internal service
Affected Vendors
Cisco
Affected Products
- Nexus 3000 Series Switches
- Nexus 3500 Platform Switches
Remediation
Refer to Cisco advisory for the complete list of affected products and their respective patches.