CVE-2019-1834

EPSS 0.19%
Veröffentlicht 18.04.2019 02:29:05
Zuletzt bearbeitet 21.11.2024 04:37:29
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is connected has port security configured. The vulnerability exists because the AP forwards some malformed wireless client packets outside of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel. An attacker could exploit this vulnerability by sending crafted wireless packets to an affected AP. A successful exploit could allow the attacker to trigger a security violation on the adjacent switch port, which could result in a DoS condition. Note: Though the Common Vulnerability Scoring System (CVSS) score corresponds to a High Security Impact Rating (SIR), this vulnerability is considered Medium because a workaround is available and exploitation requires a specific switch configuration. There are workarounds that address this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Aironet Access Point Firmware Version >= 8.5 < 8.5.140.0

   Cisco ≫ Aironet 1542d Version-
   Cisco ≫ Aironet 1542i Version-
   Cisco ≫ Aironet 1562d Version-
   Cisco ≫ Aironet 1562e Version-
   Cisco ≫ Aironet 1562i Version-
   Cisco ≫ Aironet 1800i Version-
   Cisco ≫ Aironet 2800e Version-
   Cisco ≫ Aironet 2800i Version-
   Cisco ≫ Aironet 3800e Version-
   Cisco ≫ Aironet 3800i Version-
   Cisco ≫ Aironet 3800p Version-

Cisco ≫ Aironet Access Point Firmware Version >= 8.6.101.0 < 8.8.111.0

Cisco ≫ Aironet Access Point Firmware Version >= 8.8.120.0 < 8.9.100.0

Cisco ≫ Aironet Access Point Firmware Version8.5(131.0)

Cisco ≫ Aironet 1850e Version-
Cisco ≫ Aironet 1850i Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.372

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:N/A:P
psirt@cisco.com	7.4	2.8	4	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/108000

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-air-ap-dos

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1834

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1834

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1834

EUVD