All the vulnerabilites related to cisco - aironet_1540_firmware
cve-2019-15260
Vulnerability from cvelistv5
Published
2019-10-16 18:36
Modified
2024-11-19 18:53
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the AP, creating a denial of service (DoS) condition for clients associated with the AP.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Aironet Access Point Software |
Version: unspecified < n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:42:00.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20191016 Cisco Aironet Access Points Unauthorized Access Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-15260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T17:21:07.420687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T18:53:04.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Aironet Access Point Software",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the AP, creating a denial of service (DoS) condition for clients associated with the AP."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T18:36:38",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20191016 Cisco Aironet Access Points Unauthorized Access Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access"
}
],
"source": {
"advisory": "cisco-sa-20191016-airo-unauth-access",
"defect": [
[
"CSCvm54888"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Aironet Access Points Unauthorized Access Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-10-16T16:00:00-0700",
"ID": "CVE-2019-15260",
"STATE": "PUBLIC",
"TITLE": "Cisco Aironet Access Points Unauthorized Access Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Aironet Access Point Software",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the AP, creating a denial of service (DoS) condition for clients associated with the AP."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20191016 Cisco Aironet Access Points Unauthorized Access Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access"
}
]
},
"source": {
"advisory": "cisco-sa-20191016-airo-unauth-access",
"defect": [
[
"CSCvm54888"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-15260",
"datePublished": "2019-10-16T18:36:38.662316Z",
"dateReserved": "2019-08-20T00:00:00",
"dateUpdated": "2024-11-19T18:53:04.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15264
Vulnerability from cvelistv5
Published
2019-10-16 18:36
Modified
2024-11-21 19:08
Severity ?
EPSS score ?
Summary
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-capwap-dos | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Aironet Access Point Software |
Version: unspecified < n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:42:03.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20191016 Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-capwap-dos"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-15264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T18:56:10.473048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:08:07.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Aironet Access Point Software",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T18:36:40",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20191016 Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-capwap-dos"
}
],
"source": {
"advisory": "cisco-sa-20191016-airo-capwap-dos",
"defect": [
[
"CSCvo40697"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-10-16T16:00:00-0700",
"ID": "CVE-2019-15264",
"STATE": "PUBLIC",
"TITLE": "Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Aironet Access Point Software",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20191016 Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-capwap-dos"
}
]
},
"source": {
"advisory": "cisco-sa-20191016-airo-capwap-dos",
"defect": [
[
"CSCvo40697"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-15264",
"datePublished": "2019-10-16T18:36:40.628811Z",
"dateReserved": "2019-08-20T00:00:00",
"dateUpdated": "2024-11-21T19:08:07.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15265
Vulnerability from cvelistv5
Published
2019-10-16 18:36
Modified
2024-11-21 19:07
Severity ?
EPSS score ?
Summary
A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. The vulnerability occurs because BPDUs received from specific wireless clients are forwarded incorrectly. An attacker could exploit this vulnerability on the wireless network by sending a steady stream of crafted BPDU frames. A successful exploit could allow the attacker to cause a limited denial of service (DoS) attack because an AP port could go offline.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-dos | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Aironet Access Point Software |
Version: unspecified < n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:42:03.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20191016 Cisco Aironet Access Points Bridge Protocol Data Unit Port Disable Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-dos"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-15265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T18:56:09.298017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:07:55.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Aironet Access Point Software",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. The vulnerability occurs because BPDUs received from specific wireless clients are forwarded incorrectly. An attacker could exploit this vulnerability on the wireless network by sending a steady stream of crafted BPDU frames. A successful exploit could allow the attacker to cause a limited denial of service (DoS) attack because an AP port could go offline."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T18:36:40",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20191016 Cisco Aironet Access Points Bridge Protocol Data Unit Port Disable Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-dos"
}
],
"source": {
"advisory": "cisco-sa-20191016-airo-dos",
"defect": [
[
"CSCvn80147"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Aironet Access Points Bridge Protocol Data Unit Port Disable Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-10-16T16:00:00-0700",
"ID": "CVE-2019-15265",
"STATE": "PUBLIC",
"TITLE": "Cisco Aironet Access Points Bridge Protocol Data Unit Port Disable Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Aironet Access Point Software",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. The vulnerability occurs because BPDUs received from specific wireless clients are forwarded incorrectly. An attacker could exploit this vulnerability on the wireless network by sending a steady stream of crafted BPDU frames. A successful exploit could allow the attacker to cause a limited denial of service (DoS) attack because an AP port could go offline."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20191016 Cisco Aironet Access Points Bridge Protocol Data Unit Port Disable Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-dos"
}
]
},
"source": {
"advisory": "cisco-sa-20191016-airo-dos",
"defect": [
[
"CSCvn80147"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-15265",
"datePublished": "2019-10-16T18:36:41.060972Z",
"dateReserved": "2019-08-20T00:00:00",
"dateUpdated": "2024-11-21T19:07:55.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-10-16 19:15
Modified
2024-11-21 04:28
Severity ?
Summary
A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the AP, creating a denial of service (DoS) condition for clients associated with the AP.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_1540_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F91C28DE-D7A8-48E1-AEAC-53D05EFEE4C9",
"versionEndExcluding": "8.5.151.0",
"versionStartIncluding": "8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1540_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F88FA5E-1FB3-47BD-A5C0-7388AAD9D8F8",
"versionEndExcluding": "8.8.120.0",
"versionStartIncluding": "8.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72BFEED4-7AD7-406F-A044-BDEA98133711",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_1560_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57DA95F9-AC56-412D-AA7E-40DD69EB3255",
"versionEndExcluding": "8.5.151.0",
"versionStartIncluding": "8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1560_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F726EB5-20E5-4B3C-B19B-C60993237D58",
"versionEndExcluding": "8.8.120.0",
"versionStartIncluding": "8.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8191FD87-4E55-4F38-8DB0-7E6772AD075B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_1800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5942EAC8-48DD-4E5C-9057-AA0F48B81F05",
"versionEndExcluding": "8.5.151.0",
"versionStartIncluding": "8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C499A360-8ADC-423B-AE0E-E1AC38BBE7F9",
"versionEndExcluding": "8.8.120.0",
"versionStartIncluding": "8.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F4C00A-D1E2-4B21-A14E-F30B4B818493",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_2800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF51008-B371-44D8-943F-9EB90634BC89",
"versionEndExcluding": "8.5.151.0",
"versionStartIncluding": "8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_2800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E3908A-88A9-4580-8EB5-DE9F042DB40A",
"versionEndExcluding": "8.8.120.0",
"versionStartIncluding": "8.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_2800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C28A6B0-10FF-4C6D-8527-2313E163C98E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_3800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4BB527D-4799-4806-9583-E78576347DEB",
"versionEndExcluding": "8.5.151.0",
"versionStartIncluding": "8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_3800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E45602BC-5A14-4446-B382-D4BE9B854124",
"versionEndExcluding": "8.8.120.0",
"versionStartIncluding": "8.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_3800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7636F7E2-E386-4F8C-A0C5-F510D8E21DA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_4800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7685244-27C3-4F93-A60A-77B36752B1EC",
"versionEndExcluding": "8.5.151.0",
"versionStartIncluding": "8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_4800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B02460E-AB12-4752-99A8-C6427F5267BC",
"versionEndExcluding": "8.8.120.0",
"versionStartIncluding": "8.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4D8A4CB-5B80-4332-BCBC-DA18AD94D215",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the AP, creating a denial of service (DoS) condition for clients associated with the AP."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco Aironet Access Points (APs) Software, podr\u00eda permitir a un atacante remoto no autenticado conseguir acceso no autorizado en un dispositivo objetivo con privilegios elevados. La vulnerabilidad es debido a un control de acceso insuficiente para ciertas URL en un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad mediante una petici\u00f3n de las URL espec\u00edficas de un AP afectado. Una explotaci\u00f3n podr\u00eda permitir al atacante conseguir acceso al dispositivo con privilegios elevados. Aunque al atacante no se le conceder\u00eda acceso a todas las opciones de configuraci\u00f3n posibles, podr\u00eda permitirle visualizar informaci\u00f3n confidencial y reemplazar algunas opciones con valores de su elecci\u00f3n, incluyendo la configuraci\u00f3n de la red inal\u00e1mbrica. Tambi\u00e9n permitir\u00eda al atacante deshabilitar el AP, creando una condici\u00f3n de denegaci\u00f3n de servicio (DoS) para los clientes asociados con el AP."
}
],
"id": "CVE-2019-15260",
"lastModified": "2024-11-21T04:28:18.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-16T19:15:13.723",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-16 19:15
Modified
2024-11-21 04:28
Severity ?
Summary
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | aironet_1540_firmware | - | |
| cisco | aironet_1540 | - | |
| cisco | aironet_1560_firmware | - | |
| cisco | aironet_1560 | - | |
| cisco | aironet_1850_firmware | - | |
| cisco | aironet_1850_firmware | 8.9\(1.249\) | |
| cisco | aironet_1850_firmware | 8.9\(1.255\) | |
| cisco | aironet_1850_firmware | 8.9\(4.28\) | |
| cisco | aironet_1850_firmware | 8.9\(4.41\) | |
| cisco | aironet_1850_firmware | 8.9\(4.49\) | |
| cisco | aironet_1850_firmware | 8.9\(4.55\) | |
| cisco | aironet_1850_firmware | 8.9\(4.58\) | |
| cisco | aironet_1850_firmware | 8.9\(104.24\) | |
| cisco | aironet_1850_firmware | 8.10\(1.139\) | |
| cisco | aironet_1850_firmware | 8.10\(1.146\) | |
| cisco | aironet_1800 | - | |
| cisco | aironet_2800_firmware | - | |
| cisco | aironet_2800 | - | |
| cisco | aironet_3800_firmware | - | |
| cisco | aironet_3800 | - | |
| cisco | aironet_4800_firmware | - | |
| cisco | aironet_4800 | - | |
| cisco | catalyst_9100_firmware | - | |
| cisco | catalyst_9100 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_1540_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B184226-93FF-4DF0-9160-D6AF7DBA4B40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72BFEED4-7AD7-406F-A044-BDEA98133711",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_1560_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6EF369-8D83-4F5D-BDBE-99E89AD84810",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8191FD87-4E55-4F38-8DB0-7E6772AD075B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF828602-8F14-4216-9056-B590AE2A3913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(1.249\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1F2F64DF-D74C-46AC-9787-3DD3051A6940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(1.255\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9DEB9F56-355C-4162-9331-DD21752DB171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(4.28\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C76DBD1-4C8D-4762-AEA4-4E9FD091AFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(4.41\\):*:*:*:*:*:*:*",
"matchCriteriaId": "45D5DAB9-E678-4064-8A27-AB8208CFF83F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(4.49\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F6ADD6FA-636D-48B0-8063-868EF52207DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(4.55\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F2E08121-CF47-41DB-B92A-C9DD4C81191C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(4.58\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9CEA84AD-F61A-4864-A3D7-FE2880DEBD0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(104.24\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2A3FDCB8-30FB-4746-91EA-405BA0B466A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.10\\(1.139\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F3C1B2EE-FA80-43D2-9930-19F530F03F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.10\\(1.146\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9837145C-C338-4118-8072-0944484183DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F4C00A-D1E2-4B21-A14E-F30B4B818493",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_2800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD27F3F-961F-4F44-AD2D-CF9EAD04E2B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_2800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C28A6B0-10FF-4C6D-8527-2313E163C98E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_3800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFFE3575-DDAF-433E-8D77-4CCADADC99B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_3800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7636F7E2-E386-4F8C-A0C5-F510D8E21DA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_4800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5618CE7C-DF82-4849-AC79-A00B747883BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4D8A4CB-5B80-4332-BCBC-DA18AD94D215",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:catalyst_9100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0340C6F-5173-47BF-B2C8-0D17210008A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst_9100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "749040C6-A21A-4EF3-8213-42EE01CFA303",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n del protocolo Control and Provisioning of Wireless Access Points (CAPWAP) de Cisco Aironet and Catalyst 9100 Access Points (APs), podr\u00eda permitir a un atacante adyacente no autenticado causar que un dispositivo afectado se reinicie inesperadamente, resultando en una condici\u00f3n de denegaci\u00f3n de servicio ( DoS). La vulnerabilidad es debido a una gesti\u00f3n de recursos inapropiada durante el procesamiento de mensajes en protocolo CAPWAP. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un gran volumen de tramas leg\u00edtimas de administraci\u00f3n inal\u00e1mbrica en poco tiempo a un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que un dispositivo se reinicie inesperadamente, resultando en una condici\u00f3n DoS para los clientes asociados con el AP."
}
],
"id": "CVE-2019-15264",
"lastModified": "2024-11-21T04:28:19.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-16T19:15:14.050",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-capwap-dos"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-capwap-dos"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-16 19:15
Modified
2024-11-21 04:28
Severity ?
Summary
A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. The vulnerability occurs because BPDUs received from specific wireless clients are forwarded incorrectly. An attacker could exploit this vulnerability on the wireless network by sending a steady stream of crafted BPDU frames. A successful exploit could allow the attacker to cause a limited denial of service (DoS) attack because an AP port could go offline.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_1540_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B75AD68-C993-4FDB-99E6-0CBE8AFE2554",
"versionEndExcluding": "8.5.151.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1540_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C230D285-DEF3-4479-9AAD-6B71F1BA6487",
"versionEndExcluding": "8.8.120.0",
"versionStartIncluding": "8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1540_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3230B175-0437-47E5-B23B-58AF12A4D04C",
"versionEndExcluding": "8.9.100.0",
"versionStartIncluding": "8.8.125.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72BFEED4-7AD7-406F-A044-BDEA98133711",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_1560_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F790E0C0-EA7E-406F-9BC0-6CE8DD09C21E",
"versionEndExcluding": "8.5.151.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1560_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B89D5CF5-9C63-4FE5-B6EF-A1F696A1E495",
"versionEndExcluding": "8.8.120.0",
"versionStartIncluding": "8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1560_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C70F24A0-18C8-4A7B-85C1-FB8B32F14EBE",
"versionEndExcluding": "8.9.100.0",
"versionStartIncluding": "8.8.125.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8191FD87-4E55-4F38-8DB0-7E6772AD075B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_1800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00280E6B-E762-4201-8FB0-55E8FB2BB4C9",
"versionEndExcluding": "8.5.151.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A02E232-8A4C-4CD1-AB50-55F3FFE05D78",
"versionEndExcluding": "8.8.120.0",
"versionStartIncluding": "8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A77DBD8-876B-4167-8078-FD34605FD2B7",
"versionEndExcluding": "8.9.100.0",
"versionStartIncluding": "8.8.125.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F4C00A-D1E2-4B21-A14E-F30B4B818493",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_2800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1AD8DA-EC9A-40C8-996A-C11964FFB5C3",
"versionEndExcluding": "8.5.151.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_2800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B868B17A-4B21-465F-8548-41E2FA70DEF8",
"versionEndExcluding": "8.8.120.0",
"versionStartIncluding": "8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_2800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C51F9B2-3D1D-40E2-A25E-9EA16F572DA6",
"versionEndExcluding": "8.9.100.0",
"versionStartIncluding": "8.8.125.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_2800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C28A6B0-10FF-4C6D-8527-2313E163C98E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_3800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB06369-FA28-49ED-9D46-371A2E12DDDE",
"versionEndExcluding": "8.5.151.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_3800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C5F5995-447D-49D2-9B9B-21328BC9398C",
"versionEndExcluding": "8.8.120.0",
"versionStartIncluding": "8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_3800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5926A2B-C2C3-4FFA-9A99-71E01F97C2F3",
"versionEndExcluding": "8.9.100.0",
"versionStartIncluding": "8.8.125.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_3800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7636F7E2-E386-4F8C-A0C5-F510D8E21DA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. The vulnerability occurs because BPDUs received from specific wireless clients are forwarded incorrectly. An attacker could exploit this vulnerability on the wireless network by sending a steady stream of crafted BPDU frames. A successful exploit could allow the attacker to cause a limited denial of service (DoS) attack because an AP port could go offline."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funcionalidad de reenv\u00edo de bridge protocol data unit (BPDU) de Cisco Aironet Access Points (APs), podr\u00eda permitir a un atacante adyacente no autenticado causar que un puerto del AP entre en un estado de error deshabilitado. La vulnerabilidad se presenta porque las BPDU recibidas de clientes inal\u00e1mbricos espec\u00edficos son reenviadas incorrectamente. Un atacante podr\u00eda explotar esta vulnerabilidad en la red inal\u00e1mbrica mediante el env\u00edo de un flujo constante de tramas BPDU dise\u00f1adas. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar un ataque de denegaci\u00f3n de servicio (DoS) limitado porque un puerto del AP podr\u00eda desconectarse."
}
],
"id": "CVE-2019-15265",
"lastModified": "2024-11-21T04:28:19.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-16T19:15:14.147",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-dos"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-dos"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}