CVE-2021-1449

Name of the Vulnerable Software and Affected Versions: Cisco Access Points Software (affected versions not specified)

Description: A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The issue is due to an improper check performed by the code managing system startup processes. An attacker could exploit this by modifying a specific file stored on the system, bypassing existing protections and allowing the execution of unsigned code at boot time, thus bypassing the software image verification check part of the secure boot process. To exploit this, the attacker would need access to the development shell (devshell) on the device.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.