Lucene search

CiscoCVE-2019-1826

HistoryApr 18, 2019 - 2:29 a.m.

CVE-2019-1826

2019-04-1802:29:05

CWE-20

cisco

web.nvd.nist.gov

cisco

aironet

access points

qos

vulnerability

dos

cve-2019-1826

nvd

wi-fi frames

CVSS2

5.5

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

Percentile

12.6%

JSON

A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames by the affected device. An attacker could exploit this vulnerability by sending malformed Wi-Fi frames to an affected device. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a DoS condition.

Affected configurations

Nvd

Vulners

Node

ciscoaironet_access_point_firmwareMatch-

AND

ciscoaironet_1562dMatch-

ciscoaironet_1562eMatch-

ciscoaironet_1562iMatch-

ciscoaironet_2800eMatch-

ciscoaironet_2800iMatch-

ciscoaironet_3800eMatch-

ciscoaironet_3800iMatch-

ciscoaironet_3800pMatch-

ciscoaironet_4800Match-

Node

ciscoaironet_access_point_firmwareMatch8.5\(131.3\)

AND

ciscoaironet_1850eMatch-

ciscoaironet_1850iMatch-

VendorProductVersionCPE
ciscoaironet_access_point_firmware-cpe:2.3:o:cisco:aironet_access_point_firmware:-:*:*:*:*:*:*:*
ciscoaironet_1562d-cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*
ciscoaironet_1562e-cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*
ciscoaironet_1562i-cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*
ciscoaironet_2800e-cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*
ciscoaironet_2800i-cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*
ciscoaironet_3800e-cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*
ciscoaironet_3800i-cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*
ciscoaironet_3800p-cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*
ciscoaironet_4800-cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	aironet_access_point_firmware	-	cpe:2.3:o:cisco:aironet_access_point_firmware:-:::::::*
cisco	aironet_1562d	-	cpe:2.3:h:cisco:aironet_1562d:-:::::::*
cisco	aironet_1562e	-	cpe:2.3:h:cisco:aironet_1562e:-:::::::*
cisco	aironet_1562i	-	cpe:2.3:h:cisco:aironet_1562i:-:::::::*
cisco	aironet_2800e	-	cpe:2.3:h:cisco:aironet_2800e:-:::::::*
cisco	aironet_2800i	-	cpe:2.3:h:cisco:aironet_2800i:-:::::::*
cisco	aironet_3800e	-	cpe:2.3:h:cisco:aironet_3800e:-:::::::*
cisco	aironet_3800i	-	cpe:2.3:h:cisco:aironet_3800i:-:::::::*
cisco	aironet_3800p	-	cpe:2.3:h:cisco:aironet_3800p:-:::::::*
cisco	aironet_4800	-	cpe:2.3:h:cisco:aironet_4800:-:::::::*

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "product": "Cisco Aironet Access Point Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "8.5"
      }
    ]
  }
]

References

www.securityfocus.com/bid/107988

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-aap-dos

CVSS2

5.5

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2019-1826