7.2

CVE-2019-1829

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication.
Data provided by the National Vulnerability Database (NVD)
Cisco Aironet Access Point Firmware Version < 8.3.150.0
   Cisco Aironet 1542d Version -
   Cisco Aironet 1542i Version -
   Cisco Aironet 1562d Version -
   Cisco Aironet 1562e Version -
   Cisco Aironet 1562i Version -
   Cisco Aironet 1800i Version -
   Cisco Aironet 2800e Version -
   Cisco Aironet 2800i Version -
   Cisco Aironet 3800e Version -
   Cisco Aironet 3800i Version -
   Cisco Aironet 3800p Version -
Cisco Aironet Access Point Firmware Version >= 8.5 < 8.5.140.0
   Cisco Aironet 1542d Version -
   Cisco Aironet 1542i Version -
   Cisco Aironet 1562d Version -
   Cisco Aironet 1562e Version -
   Cisco Aironet 1562i Version -
   Cisco Aironet 1800i Version -
   Cisco Aironet 2800e Version -
   Cisco Aironet 2800i Version -
   Cisco Aironet 3800e Version -
   Cisco Aironet 3800i Version -
   Cisco Aironet 3800p Version -
Cisco Aironet Access Point Firmware Version >= 8.6.101.0 < 8.8.111.0
   Cisco Aironet 1542d Version -
   Cisco Aironet 1542i Version -
   Cisco Aironet 1562d Version -
   Cisco Aironet 1562e Version -
   Cisco Aironet 1562i Version -
   Cisco Aironet 1800i Version -
   Cisco Aironet 2800e Version -
   Cisco Aironet 2800i Version -
   Cisco Aironet 3800e Version -
   Cisco Aironet 3800i Version -
   Cisco Aironet 3800p Version -
Cisco Aironet Access Point Firmware Version 8.5(131.0)
   Cisco Aironet 1850e Version -
   Cisco Aironet 1850i Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.34% | 0.563
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov | 7.2 | 3.9 | 10 | AV:L/AC:L/Au:N/C:C/I:C/A:C
psirt@cisco.com | 6.7 | 0.8 | 5.9 | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.