CVE-2019-15264

EPSS 0.32%
Published 16.10.2019 19:15:14
Last modified 21.11.2024 04:28:19
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Aironet 1540 Firmware Version-

Cisco ≫ Aironet 1540 Version-

Cisco ≫ Aironet 1560 Firmware Version-

Cisco ≫ Aironet 1560 Version-

Cisco ≫ Aironet 1850 Firmware Version-

Cisco ≫ Aironet 1800 Version-

Cisco ≫ Aironet 1850 Firmware Version8.9(1.249)

Cisco ≫ Aironet 1800 Version-

Cisco ≫ Aironet 1850 Firmware Version8.9(1.255)

Cisco ≫ Aironet 1800 Version-

Cisco ≫ Aironet 1850 Firmware Version8.9(4.28)

Cisco ≫ Aironet 1800 Version-

Cisco ≫ Aironet 1850 Firmware Version8.9(4.41)

Cisco ≫ Aironet 1800 Version-

Cisco ≫ Aironet 1850 Firmware Version8.9(4.49)

Cisco ≫ Aironet 1800 Version-

Cisco ≫ Aironet 1850 Firmware Version8.9(4.55)

Cisco ≫ Aironet 1800 Version-

Cisco ≫ Aironet 1850 Firmware Version8.9(4.58)

Cisco ≫ Aironet 1800 Version-

Cisco ≫ Aironet 1850 Firmware Version8.9(104.24)

Cisco ≫ Aironet 1800 Version-

Cisco ≫ Aironet 1850 Firmware Version8.10(1.139)

Cisco ≫ Aironet 1800 Version-

Cisco ≫ Aironet 1850 Firmware Version8.10(1.146)

Cisco ≫ Aironet 1800 Version-

Cisco ≫ Aironet 2800 Firmware Version-

Cisco ≫ Aironet 2800 Version-

Cisco ≫ Aironet 3800 Firmware Version-

Cisco ≫ Aironet 3800 Version-

Cisco ≫ Aironet 4800 Firmware Version-

Cisco ≫ Aironet 4800 Version-

Cisco ≫ Catalyst 9100 Firmware Version-

Cisco ≫ Catalyst 9100 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.516

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	6.1	6.5	6.9	AV:A/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com	7.4	2.8	4	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-capwap-dos

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-15264

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-15264

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-15264

EUVD