CNVD-2019-36456

Vulnerability from cnvd - Published: 2019-10-22
VLAI Severity ?
Title
Cisco Aironet Access Points Software访问控制错误漏洞
Description
Cisco Aironet 1540 Series APs等都是美国思科(Cisco)公司的产品。Cisco Aironet 1540 Series APs是一款1540系列访问接入点产品。Cisco Aironet 1560 Series APs是一款1560系列访问接入点产品。Cisco Aironet 1800 Series APs是一款1800系列访问接入点产品。Aironet Access Points(APs)Software是运行在其中的一套操作系统。 Cisco APs Software中存在访问控制错误漏洞,该漏洞源于程序未能对一些URLs进行充分的访问控制,远程攻击者可通过请求URL利用该漏洞以提升的权限未授权访问目标设备。
Severity
Patch Name
Cisco Aironet Access Points Software访问控制错误漏洞的补丁
Patch Description
Cisco Aironet 1540 Series APs等都是美国思科(Cisco)公司的产品。Cisco Aironet 1540 Series APs是一款1540系列访问接入点产品。Cisco Aironet 1560 Series APs是一款1560系列访问接入点产品。Cisco Aironet 1800 Series APs是一款1800系列访问接入点产品。Aironet Access Points(APs)Software是运行在其中的一套操作系统。 Cisco APs Software中存在访问控制错误漏洞,该漏洞源于程序未能对一些URLs进行充分的访问控制,远程攻击者可通过请求URL利用该漏洞以提升的权限未授权访问目标设备。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已发布了漏洞修复程序,请及时关注更新: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access

Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-15260 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access
Impacted products
Name
['Cisco Aironet 1540 Series Aps', 'Cisco Aironet 1560 Series Aps', 'Cisco Aironet 1800 Series Aps', 'Cisco Aironet 2800 Series Aps', 'Cisco Aironet 3800 Series Aps', 'Cisco Aironet 4800 APs']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-15260"
    }
  },
  "description": "Cisco Aironet 1540 Series APs\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Aironet 1540 Series APs\u662f\u4e00\u6b3e1540\u7cfb\u5217\u8bbf\u95ee\u63a5\u5165\u70b9\u4ea7\u54c1\u3002Cisco Aironet 1560 Series APs\u662f\u4e00\u6b3e1560\u7cfb\u5217\u8bbf\u95ee\u63a5\u5165\u70b9\u4ea7\u54c1\u3002Cisco Aironet 1800 Series APs\u662f\u4e00\u6b3e1800\u7cfb\u5217\u8bbf\u95ee\u63a5\u5165\u70b9\u4ea7\u54c1\u3002Aironet Access Points\uff08APs\uff09Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nCisco APs Software\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5bf9\u4e00\u4e9bURLs\u8fdb\u884c\u5145\u5206\u7684\u8bbf\u95ee\u63a7\u5236\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf7\u6c42URL\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u672a\u6388\u6743\u8bbf\u95ee\u76ee\u6807\u8bbe\u5907\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-36456",
  "openTime": "2019-10-22",
  "patchDescription": "Cisco Aironet 1540 Series APs\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Aironet 1540 Series APs\u662f\u4e00\u6b3e1540\u7cfb\u5217\u8bbf\u95ee\u63a5\u5165\u70b9\u4ea7\u54c1\u3002Cisco Aironet 1560 Series APs\u662f\u4e00\u6b3e1560\u7cfb\u5217\u8bbf\u95ee\u63a5\u5165\u70b9\u4ea7\u54c1\u3002Cisco Aironet 1800 Series APs\u662f\u4e00\u6b3e1800\u7cfb\u5217\u8bbf\u95ee\u63a5\u5165\u70b9\u4ea7\u54c1\u3002Aironet Access Points\uff08APs\uff09Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco APs Software\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5bf9\u4e00\u4e9bURLs\u8fdb\u884c\u5145\u5206\u7684\u8bbf\u95ee\u63a7\u5236\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf7\u6c42URL\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u672a\u6388\u6743\u8bbf\u95ee\u76ee\u6807\u8bbe\u5907\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Aironet Access Points Software\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Aironet 1540 Series Aps",
      "Cisco Aironet 1560 Series Aps",
      "Cisco Aironet 1800 Series Aps",
      "Cisco Aironet 2800 Series Aps",
      "Cisco Aironet 3800 Series Aps",
      "Cisco Aironet 4800 APs"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-15260\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access",
  "serverity": "\u9ad8",
  "submitTime": "2019-10-18",
  "title": "Cisco Aironet Access Points Software\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.