FKIE_CVE-2019-15264
Vulnerability from fkie_nvd - Published: 2019-10-16 19:15 - Updated: 2024-11-21 04:28
Severity ?
Summary
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | aironet_1540_firmware | - | |
| cisco | aironet_1540 | - | |
| cisco | aironet_1560_firmware | - | |
| cisco | aironet_1560 | - | |
| cisco | aironet_1850_firmware | - | |
| cisco | aironet_1850_firmware | 8.9\(1.249\) | |
| cisco | aironet_1850_firmware | 8.9\(1.255\) | |
| cisco | aironet_1850_firmware | 8.9\(4.28\) | |
| cisco | aironet_1850_firmware | 8.9\(4.41\) | |
| cisco | aironet_1850_firmware | 8.9\(4.49\) | |
| cisco | aironet_1850_firmware | 8.9\(4.55\) | |
| cisco | aironet_1850_firmware | 8.9\(4.58\) | |
| cisco | aironet_1850_firmware | 8.9\(104.24\) | |
| cisco | aironet_1850_firmware | 8.10\(1.139\) | |
| cisco | aironet_1850_firmware | 8.10\(1.146\) | |
| cisco | aironet_1800 | - | |
| cisco | aironet_2800_firmware | - | |
| cisco | aironet_2800 | - | |
| cisco | aironet_3800_firmware | - | |
| cisco | aironet_3800 | - | |
| cisco | aironet_4800_firmware | - | |
| cisco | aironet_4800 | - | |
| cisco | catalyst_9100_firmware | - | |
| cisco | catalyst_9100 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_1540_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B184226-93FF-4DF0-9160-D6AF7DBA4B40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72BFEED4-7AD7-406F-A044-BDEA98133711",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_1560_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6EF369-8D83-4F5D-BDBE-99E89AD84810",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8191FD87-4E55-4F38-8DB0-7E6772AD075B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF828602-8F14-4216-9056-B590AE2A3913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(1.249\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1F2F64DF-D74C-46AC-9787-3DD3051A6940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(1.255\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9DEB9F56-355C-4162-9331-DD21752DB171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(4.28\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C76DBD1-4C8D-4762-AEA4-4E9FD091AFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(4.41\\):*:*:*:*:*:*:*",
"matchCriteriaId": "45D5DAB9-E678-4064-8A27-AB8208CFF83F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(4.49\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F6ADD6FA-636D-48B0-8063-868EF52207DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(4.55\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F2E08121-CF47-41DB-B92A-C9DD4C81191C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(4.58\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9CEA84AD-F61A-4864-A3D7-FE2880DEBD0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.9\\(104.24\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2A3FDCB8-30FB-4746-91EA-405BA0B466A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.10\\(1.139\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F3C1B2EE-FA80-43D2-9930-19F530F03F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.10\\(1.146\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9837145C-C338-4118-8072-0944484183DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F4C00A-D1E2-4B21-A14E-F30B4B818493",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_2800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD27F3F-961F-4F44-AD2D-CF9EAD04E2B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_2800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C28A6B0-10FF-4C6D-8527-2313E163C98E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_3800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFFE3575-DDAF-433E-8D77-4CCADADC99B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_3800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7636F7E2-E386-4F8C-A0C5-F510D8E21DA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:aironet_4800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5618CE7C-DF82-4849-AC79-A00B747883BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4D8A4CB-5B80-4332-BCBC-DA18AD94D215",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:catalyst_9100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0340C6F-5173-47BF-B2C8-0D17210008A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst_9100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "749040C6-A21A-4EF3-8213-42EE01CFA303",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n del protocolo Control and Provisioning of Wireless Access Points (CAPWAP) de Cisco Aironet and Catalyst 9100 Access Points (APs), podr\u00eda permitir a un atacante adyacente no autenticado causar que un dispositivo afectado se reinicie inesperadamente, resultando en una condici\u00f3n de denegaci\u00f3n de servicio ( DoS). La vulnerabilidad es debido a una gesti\u00f3n de recursos inapropiada durante el procesamiento de mensajes en protocolo CAPWAP. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un gran volumen de tramas leg\u00edtimas de administraci\u00f3n inal\u00e1mbrica en poco tiempo a un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que un dispositivo se reinicie inesperadamente, resultando en una condici\u00f3n DoS para los clientes asociados con el AP."
}
],
"id": "CVE-2019-15264",
"lastModified": "2024-11-21T04:28:19.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "psirt@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-16T19:15:14.050",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-capwap-dos"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-capwap-dos"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…