CVE-2019-1834

Current Description

A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is connected has port security configured. The vulnerability exists because the AP forwards some malformed wireless client packets outside of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel. An attacker could exploit this vulnerability by sending crafted wireless packets to an affected AP. A successful exploit could allow the attacker to trigger a security violation on the adjacent switch port, which could result in a DoS condition. Note: Though the Common Vulnerability Scoring System (CVSS) score corresponds to a High Security Impact Rating (SIR), this vulnerability is considered Medium because a workaround is available and exploitation requires a specific switch configuration. There are workarounds that address this vulnerability.

Basic Data

PublishedApril 18, 2019
Last ModifiedOctober 09, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-20
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:A/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access VectorADJACENT_NETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score3.3
SeverityLOW
Exploitability Score6.5
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 3 - Attack VectorADJACENT_NETWORK
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredNONE
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactNONE
CVSS 3 - Integrity ImpactNONE
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score6.5
CVSS 3 - Base SeverityMEDIUM
Exploitability Score2.8
Base SeverityMEDIUM

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSCiscoAironet Access Point Firmware********8.58.5.140.0
      2.3OSCiscoAironet Access Point Firmware********8.6.101.08.8.111.0
      2.3OSCiscoAironet Access Point Firmware********8.8.120.08.9.100.0
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareCiscoAironet 1542d-*******
      2.3HardwareCiscoAironet 1542i-*******
      2.3HardwareCiscoAironet 1562d-*******
      2.3HardwareCiscoAironet 1562e-*******
      2.3HardwareCiscoAironet 1562i-*******
      2.3HardwareCiscoAironet 1800i-*******
      2.3HardwareCiscoAironet 2800e-*******
      2.3HardwareCiscoAironet 2800i-*******
      2.3HardwareCiscoAironet 3800e-*******
      2.3HardwareCiscoAironet 3800i-*******
      2.3HardwareCiscoAironet 3800p-*******
  • AND
    • OR - Configuration 2
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSCiscoAironet Access Point Firmware8.5(131.0)*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareCiscoAironet 1850e-*******
      2.3HardwareCiscoAironet 1850i-*******

Vulnerable Software List

VendorProductVersions
Cisco Aironet Access Point Firmware *, 8.5(131.0)

References

NameSourceURLTags
108000http://www.securityfocus.com/bid/108000BIDThird Party Advisory VDB Entry
20190417 Cisco Aironet Series Access Points Denial of Service Vulnerabilityhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-air-ap-dosCISCOVendor Advisory