Lucene search

[email protected]NVD:CVE-2019-1835

HistoryApr 18, 2019 - 2:29 a.m.

CVE-2019-1835

2019-04-1802:29:05

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

9.9%

JSON

A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerability by accessing the CLI of an affected AP with administrator privileges and issuing crafted commands that result in directory traversal. A successful exploit could allow the attacker to view system files on the affected device, which could contain sensitive information. Software versions 8.8 and 8.9 are affected.

Affected configurations

Nvd

Node

ciscoaironet_access_point_firmwareMatch8.8

ciscoaironet_access_point_firmwareMatch8.9

AND

ciscoaironet_1542dMatch-

ciscoaironet_1542iMatch-

ciscoaironet_1562dMatch-

ciscoaironet_1562eMatch-

ciscoaironet_1562iMatch-

ciscoaironet_1800iMatch-

ciscoaironet_1850eMatch-

ciscoaironet_1850iMatch-

ciscoaironet_2800eMatch-

ciscoaironet_2800iMatch-

ciscoaironet_3800eMatch-

ciscoaironet_3800iMatch-

ciscoaironet_3800pMatch-

VendorProductVersionCPE
ciscoaironet_access_point_firmware8.8cpe:2.3:o:cisco:aironet_access_point_firmware:8.8:*:*:*:*:*:*:*
ciscoaironet_access_point_firmware8.9cpe:2.3:o:cisco:aironet_access_point_firmware:8.9:*:*:*:*:*:*:*
ciscoaironet_1542d-cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*
ciscoaironet_1542i-cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*
ciscoaironet_1562d-cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*
ciscoaironet_1562e-cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*
ciscoaironet_1562i-cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*
ciscoaironet_1800i-cpe:2.3:h:cisco:aironet_1800i:-:*:*:*:*:*:*:*
ciscoaironet_1850e-cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*
ciscoaironet_1850i-cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	aironet_access_point_firmware	8.8	cpe:2.3:o:cisco:aironet_access_point_firmware:8.8:::::::*
cisco	aironet_access_point_firmware	8.9	cpe:2.3:o:cisco:aironet_access_point_firmware:8.9:::::::*
cisco	aironet_1542d	-	cpe:2.3:h:cisco:aironet_1542d:-:::::::*
cisco	aironet_1542i	-	cpe:2.3:h:cisco:aironet_1542i:-:::::::*
cisco	aironet_1562d	-	cpe:2.3:h:cisco:aironet_1562d:-:::::::*
cisco	aironet_1562e	-	cpe:2.3:h:cisco:aironet_1562e:-:::::::*
cisco	aironet_1562i	-	cpe:2.3:h:cisco:aironet_1562i:-:::::::*
cisco	aironet_1800i	-	cpe:2.3:h:cisco:aironet_1800i:-:::::::*
cisco	aironet_1850e	-	cpe:2.3:h:cisco:aironet_1850e:-:::::::*
cisco	aironet_1850i	-	cpe:2.3:h:cisco:aironet_1850i:-:::::::*

Rows per page:

1-10 of 151

References

www.securityfocus.com/bid/108001

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-air-ap-traversal

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

9.9%

JSON

Related for NVD:CVE-2019-1835

cisco1 cve1 prion1 cvelist1