VAR-201904-0412
Vulnerability from variot - Updated: 2023-12-18 12:43A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames by the affected device. An attacker could exploit this vulnerability by sending malformed Wi-Fi frames to an affected device. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a DoS condition. Cisco Aironet Access Points is prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCvk58560. Cisco Aironet 1560 Series APs are all products of Cisco (Cisco). There are security vulnerabilities in the quality of service (QoS) function in many Cisco products. The following products are affected: Cisco Aironet 1560 Series APs; Aironet 2800 Series APs; Aironet 3800 Series APs; Aironet 4800 Series APs
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0412",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5\\(131.3\\)"
},
{
"model": "aironet series access points",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "48000"
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "38000"
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "28000"
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "18508.5(131.3)"
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15600"
}
],
"sources": [
{
"db": "BID",
"id": "107988"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003802"
},
{
"db": "NVD",
"id": "CVE-2019-1826"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:aironet_access_point_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:aironet_access_point_firmware:8.5\\(131.3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1826"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "107988"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-822"
}
],
"trust": 0.9
},
"cve": "CVE-2019-1826",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.1,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 5.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-1826",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.1,
"id": "VHN-150588",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.7,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-1826",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-1826",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1826",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-822",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-150588",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-150588"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003802"
},
{
"db": "NVD",
"id": "CVE-2019-1826"
},
{
"db": "NVD",
"id": "CVE-2019-1826"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-822"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames by the affected device. An attacker could exploit this vulnerability by sending malformed Wi-Fi frames to an affected device. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a DoS condition. Cisco Aironet Access Points is prone to a denial-of-service vulnerability. \nThis issue is being tracked by Cisco Bug ID CSCvk58560. Cisco Aironet 1560 Series APs are all products of Cisco (Cisco). There are security vulnerabilities in the quality of service (QoS) function in many Cisco products. The following products are affected: Cisco Aironet 1560 Series APs; Aironet 2800 Series APs; Aironet 3800 Series APs; Aironet 4800 Series APs",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1826"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003802"
},
{
"db": "BID",
"id": "107988"
},
{
"db": "VULHUB",
"id": "VHN-150588"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1826",
"trust": 2.8
},
{
"db": "BID",
"id": "107988",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003802",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-822",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1329.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-150588",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-150588"
},
{
"db": "BID",
"id": "107988"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003802"
},
{
"db": "NVD",
"id": "CVE-2019-1826"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-822"
}
]
},
"id": "VAR-201904-0412",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-150588"
}
],
"trust": 0.56931034
},
"last_update_date": "2023-12-18T12:43:34.482000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190417-aap-dos",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-aap-dos"
},
{
"title": "Multiple Cisco Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91657"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003802"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-822"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-150588"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003802"
},
{
"db": "NVD",
"id": "CVE-2019-1826"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/107988"
},
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-aap-dos"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1826"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/cisco/web/solutions/small_business/products/wireless/aironet_series_access_points/index.html"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1826"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-air-ap-cmdinj"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79278"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1329.2/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-aironet-denial-of-service-via-quality-of-service-29076"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-150588"
},
{
"db": "BID",
"id": "107988"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003802"
},
{
"db": "NVD",
"id": "CVE-2019-1826"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-822"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-150588"
},
{
"db": "BID",
"id": "107988"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003802"
},
{
"db": "NVD",
"id": "CVE-2019-1826"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-822"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-150588"
},
{
"date": "2019-04-17T00:00:00",
"db": "BID",
"id": "107988"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003802"
},
{
"date": "2019-04-18T02:29:05.467000",
"db": "NVD",
"id": "CVE-2019-1826"
},
{
"date": "2019-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-822"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-150588"
},
{
"date": "2019-04-17T00:00:00",
"db": "BID",
"id": "107988"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003802"
},
{
"date": "2019-10-09T23:48:15.940000",
"db": "NVD",
"id": "CVE-2019-1826"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-822"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-822"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Aironet Series Access Points Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003802"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "107988"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-822"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…