var-201904-0412
Vulnerability from variot
A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames by the affected device. An attacker could exploit this vulnerability by sending malformed Wi-Fi frames to an affected device. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a DoS condition. Cisco Aironet Access Points is prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCvk58560. Cisco Aironet 1560 Series APs are all products of Cisco (Cisco). There are security vulnerabilities in the quality of service (QoS) function in many Cisco products. The following products are affected: Cisco Aironet 1560 Series APs; Aironet 2800 Series APs; Aironet 3800 Series APs; Aironet 4800 Series APs
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0412", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "aironet access point", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "aironet access point", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "8.5\\(131.3\\)" }, { "model": "aironet series access points", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "48000" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "38000" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "28000" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "18508.5(131.3)" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "15600" } ], "sources": [ { "db": "BID", "id": "107988" }, { "db": "JVNDB", "id": "JVNDB-2019-003802" }, { "db": "NVD", "id": "CVE-2019-1826" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:aironet_access_point_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:aironet_access_point_firmware:8.5\\(131.3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-1826" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco", "sources": [ { "db": "BID", "id": "107988" }, { "db": "CNNVD", "id": "CNNVD-201904-822" } ], "trust": 0.9 }, "cve": "CVE-2019-1826", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 5.5, "confidentialityImpact": "NONE", "exploitabilityScore": 5.1, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Adjacent Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 5.5, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-1826", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 5.5, "confidentialityImpact": "NONE", "exploitabilityScore": 5.1, "id": "VHN-150588", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:A/AC:L/AU:S/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.1, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "ykramarz@cisco.com", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.3, "impactScore": 4.0, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.7, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-1826", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-1826", "trust": 1.8, "value": "MEDIUM" }, { "author": "ykramarz@cisco.com", "id": "CVE-2019-1826", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201904-822", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-150588", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-150588" }, { "db": "JVNDB", "id": "JVNDB-2019-003802" }, { "db": "NVD", "id": "CVE-2019-1826" }, { "db": "NVD", "id": "CVE-2019-1826" }, { "db": "CNNVD", "id": "CNNVD-201904-822" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames by the affected device. An attacker could exploit this vulnerability by sending malformed Wi-Fi frames to an affected device. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a DoS condition. Cisco Aironet Access Points is prone to a denial-of-service vulnerability. \nThis issue is being tracked by Cisco Bug ID CSCvk58560. Cisco Aironet 1560 Series APs are all products of Cisco (Cisco). There are security vulnerabilities in the quality of service (QoS) function in many Cisco products. The following products are affected: Cisco Aironet 1560 Series APs; Aironet 2800 Series APs; Aironet 3800 Series APs; Aironet 4800 Series APs", "sources": [ { "db": "NVD", "id": "CVE-2019-1826" }, { "db": "JVNDB", "id": "JVNDB-2019-003802" }, { "db": "BID", "id": "107988" }, { "db": "VULHUB", "id": "VHN-150588" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-1826", "trust": 2.8 }, { "db": "BID", "id": "107988", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2019-003802", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201904-822", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1329.2", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-150588", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-150588" }, { "db": "BID", "id": "107988" }, { "db": "JVNDB", "id": "JVNDB-2019-003802" }, { "db": "NVD", "id": "CVE-2019-1826" }, { "db": "CNNVD", "id": "CNNVD-201904-822" } ] }, "id": "VAR-201904-0412", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-150588" } ], "trust": 0.56931034 }, "last_update_date": "2023-12-18T12:43:34.482000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20190417-aap-dos", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-aap-dos" }, { "title": "Multiple Cisco Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91657" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003802" }, { "db": "CNNVD", "id": "CNNVD-201904-822" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-150588" }, { "db": "JVNDB", "id": "JVNDB-2019-003802" }, { "db": "NVD", "id": "CVE-2019-1826" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.securityfocus.com/bid/107988" }, { "trust": 2.0, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-aap-dos" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1826" }, { "trust": 0.9, "url": "http://www.cisco.com/cisco/web/solutions/small_business/products/wireless/aironet_series_access_points/index.html" }, { "trust": 0.9, "url": "http://www.cisco.com/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1826" }, { "trust": 0.6, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-air-ap-cmdinj" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/79278" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1329.2/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/cisco-aironet-denial-of-service-via-quality-of-service-29076" } ], "sources": [ { "db": "VULHUB", "id": "VHN-150588" }, { "db": "BID", "id": "107988" }, { "db": "JVNDB", "id": "JVNDB-2019-003802" }, { "db": "NVD", "id": "CVE-2019-1826" }, { "db": "CNNVD", "id": "CNNVD-201904-822" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-150588" }, { "db": "BID", "id": "107988" }, { "db": "JVNDB", "id": "JVNDB-2019-003802" }, { "db": "NVD", "id": "CVE-2019-1826" }, { "db": "CNNVD", "id": "CNNVD-201904-822" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-18T00:00:00", "db": "VULHUB", "id": "VHN-150588" }, { "date": "2019-04-17T00:00:00", "db": "BID", "id": "107988" }, { "date": "2019-05-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003802" }, { "date": "2019-04-18T02:29:05.467000", "db": "NVD", "id": "CVE-2019-1826" }, { "date": "2019-04-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-822" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-150588" }, { "date": "2019-04-17T00:00:00", "db": "BID", "id": "107988" }, { "date": "2019-05-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003802" }, { "date": "2019-10-09T23:48:15.940000", "db": "NVD", "id": "CVE-2019-1826" }, { "date": "2020-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-822" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-822" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Aironet Series Access Points Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003802" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "107988" }, { "db": "CNNVD", "id": "CNNVD-201904-822" } ], "trust": 0.9 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.