Lucene search

CiscoCVE-2019-15260

HistoryOct 16, 2019 - 7:15 p.m.

CVE-2019-15260

2019-10-1619:15:13

CWE-284

cisco

web.nvd.nist.gov

cisco

aironet

access points

software

vulnerability

unauthorized access

elevated privileges

denial of service

nvd

cve-2019-15260

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.004

Percentile

72.7%

JSON

A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the AP, creating a denial of service (DoS) condition for clients associated with the AP.

Affected configurations

Nvd

Node

ciscoaironet_1540_firmwareRange8.5–8.5.151.0

ciscoaironet_1540_firmwareRange8.8–8.8.120.0

AND

ciscoaironet_1540Match-

Node

ciscoaironet_1560_firmwareRange8.5–8.5.151.0

ciscoaironet_1560_firmwareRange8.8–8.8.120.0

AND

ciscoaironet_1560Match-

Node

ciscoaironet_1800_firmwareRange8.5–8.5.151.0

ciscoaironet_1800_firmwareRange8.8–8.8.120.0

AND

ciscoaironet_1800Match-

Node

ciscoaironet_2800_firmwareRange8.5–8.5.151.0

ciscoaironet_2800_firmwareRange8.8–8.8.120.0

AND

ciscoaironet_2800Match-

Node

ciscoaironet_3800_firmwareRange8.5–8.5.151.0

ciscoaironet_3800_firmwareRange8.8–8.8.120.0

AND

ciscoaironet_3800Match-

Node

ciscoaironet_4800_firmwareRange8.5–8.5.151.0

ciscoaironet_4800_firmwareRange8.8–8.8.120.0

AND

ciscoaironet_4800Match-

VendorProductVersionCPE
ciscoaironet_1540_firmware*cpe:2.3:o:cisco:aironet_1540_firmware:*:*:*:*:*:*:*:*
ciscoaironet_1540-cpe:2.3:h:cisco:aironet_1540:-:*:*:*:*:*:*:*
ciscoaironet_1560_firmware*cpe:2.3:o:cisco:aironet_1560_firmware:*:*:*:*:*:*:*:*
ciscoaironet_1560-cpe:2.3:h:cisco:aironet_1560:-:*:*:*:*:*:*:*
ciscoaironet_1800_firmware*cpe:2.3:o:cisco:aironet_1800_firmware:*:*:*:*:*:*:*:*
ciscoaironet_1800-cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*
ciscoaironet_2800_firmware*cpe:2.3:o:cisco:aironet_2800_firmware:*:*:*:*:*:*:*:*
ciscoaironet_2800-cpe:2.3:h:cisco:aironet_2800:-:*:*:*:*:*:*:*
ciscoaironet_3800_firmware*cpe:2.3:o:cisco:aironet_3800_firmware:*:*:*:*:*:*:*:*
ciscoaironet_3800-cpe:2.3:h:cisco:aironet_3800:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	aironet_1540_firmware	*	cpe:2.3:o:cisco:aironet_1540_firmware::::::::
cisco	aironet_1540	-	cpe:2.3:h:cisco:aironet_1540:-:::::::*
cisco	aironet_1560_firmware	*	cpe:2.3:o:cisco:aironet_1560_firmware::::::::
cisco	aironet_1560	-	cpe:2.3:h:cisco:aironet_1560:-:::::::*
cisco	aironet_1800_firmware	*	cpe:2.3:o:cisco:aironet_1800_firmware::::::::
cisco	aironet_1800	-	cpe:2.3:h:cisco:aironet_1800:-:::::::*
cisco	aironet_2800_firmware	*	cpe:2.3:o:cisco:aironet_2800_firmware::::::::
cisco	aironet_2800	-	cpe:2.3:h:cisco:aironet_2800:-:::::::*
cisco	aironet_3800_firmware	*	cpe:2.3:o:cisco:aironet_3800_firmware::::::::
cisco	aironet_3800	-	cpe:2.3:h:cisco:aironet_3800:-:::::::*

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Cisco Aironet Access Point Software",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.004

Percentile

72.7%

JSON

Related for CVE-2019-15260