Lucene search

[email protected]CVE-2019-15265

HistoryOct 16, 2019 - 7:15 p.m.

CVE-2019-15265

2019-10-1619:15:14

CWE-20

[email protected]

web.nvd.nist.gov

cve-2019-15265

vulnerability

cisco aironet

access points

bpdu

denial of service

dos

nvd

security bug

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON

A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. The vulnerability occurs because BPDUs received from specific wireless clients are forwarded incorrectly. An attacker could exploit this vulnerability on the wireless network by sending a steady stream of crafted BPDU frames. A successful exploit could allow the attacker to cause a limited denial of service (DoS) attack because an AP port could go offline.

Affected configurations

NVD

Node

ciscoaironet_1540_firmwareRange<8.5.151.0

ciscoaironet_1540_firmwareRange8.6–8.8.120.0

ciscoaironet_1540_firmwareRange8.8.125.0–8.9.100.0

AND

ciscoaironet_1540Match-

Node

ciscoaironet_1560_firmwareRange<8.5.151.0

ciscoaironet_1560_firmwareRange8.6–8.8.120.0

ciscoaironet_1560_firmwareRange8.8.125.0–8.9.100.0

AND

ciscoaironet_1560Match-

Node

ciscoaironet_1800_firmwareRange<8.5.151.0

ciscoaironet_1800_firmwareRange8.6–8.8.120.0

ciscoaironet_1800_firmwareRange8.8.125.0–8.9.100.0

AND

ciscoaironet_1800Match-

Node

ciscoaironet_2800_firmwareRange<8.5.151.0

ciscoaironet_2800_firmwareRange8.6–8.8.120.0

ciscoaironet_2800_firmwareRange8.8.125.0–8.9.100.0

AND

ciscoaironet_2800Match-

Node

ciscoaironet_3800_firmwareRange<8.5.151.0

ciscoaironet_3800_firmwareRange8.6–8.8.120.0

ciscoaironet_3800_firmwareRange8.8.125.0–8.9.100.0

AND

ciscoaironet_3800Match-

CPENameOperatorVersion
cisco:aironet_1540_firmwarecisco aironet 1540 firmwarelt8.5.151.0
cisco:aironet_1540_firmwarecisco aironet 1540 firmwarelt8.8.120.0
cisco:aironet_1540_firmwarecisco aironet 1540 firmwarelt8.9.100.0

CPE	Name	Operator	Version
cisco:aironet_1540_firmware	cisco aironet 1540 firmware	lt	8.5.151.0
cisco:aironet_1540_firmware	cisco aironet 1540 firmware	lt	8.8.120.0
cisco:aironet_1540_firmware	cisco aironet 1540 firmware	lt	8.9.100.0

CNA Affected

[
  {
    "product": "Cisco Aironet Access Point Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-dos

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON

Related for CVE-2019-15265

cisco1 symantec1 nvd1 prion1 cvelist1