Lucene search

[email protected]NVD:CVE-2019-1829

HistoryApr 18, 2019 - 2:29 a.m.

CVE-2019-1829

2019-04-1802:29:05

CWE-78

CWE-16

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.2%

JSON

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication.

Affected configurations

Nvd

Node

ciscoaironet_access_point_firmwareRange<8.3.150.0

ciscoaironet_access_point_firmwareRange8.5–8.5.140.0

ciscoaironet_access_point_firmwareRange8.6.101.0–8.8.111.0

AND

ciscoaironet_1542dMatch-

ciscoaironet_1542iMatch-

ciscoaironet_1562dMatch-

ciscoaironet_1562eMatch-

ciscoaironet_1562iMatch-

ciscoaironet_1800iMatch-

ciscoaironet_2800eMatch-

ciscoaironet_2800iMatch-

ciscoaironet_3800eMatch-

ciscoaironet_3800iMatch-

ciscoaironet_3800pMatch-

Node

ciscoaironet_access_point_firmwareMatch8.5\(131.0\)

AND

ciscoaironet_1850eMatch-

ciscoaironet_1850iMatch-

VendorProductVersionCPE
ciscoaironet_access_point_firmware*cpe:2.3:o:cisco:aironet_access_point_firmware:*:*:*:*:*:*:*:*
ciscoaironet_1542d-cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*
ciscoaironet_1542i-cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*
ciscoaironet_1562d-cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*
ciscoaironet_1562e-cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*
ciscoaironet_1562i-cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*
ciscoaironet_1800i-cpe:2.3:h:cisco:aironet_1800i:-:*:*:*:*:*:*:*
ciscoaironet_2800e-cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*
ciscoaironet_2800i-cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*
ciscoaironet_3800e-cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	aironet_access_point_firmware	*	cpe:2.3:o:cisco:aironet_access_point_firmware::::::::
cisco	aironet_1542d	-	cpe:2.3:h:cisco:aironet_1542d:-:::::::*
cisco	aironet_1542i	-	cpe:2.3:h:cisco:aironet_1542i:-:::::::*
cisco	aironet_1562d	-	cpe:2.3:h:cisco:aironet_1562d:-:::::::*
cisco	aironet_1562e	-	cpe:2.3:h:cisco:aironet_1562e:-:::::::*
cisco	aironet_1562i	-	cpe:2.3:h:cisco:aironet_1562i:-:::::::*
cisco	aironet_1800i	-	cpe:2.3:h:cisco:aironet_1800i:-:::::::*
cisco	aironet_2800e	-	cpe:2.3:h:cisco:aironet_2800e:-:::::::*
cisco	aironet_2800i	-	cpe:2.3:h:cisco:aironet_2800i:-:::::::*
cisco	aironet_3800e	-	cpe:2.3:h:cisco:aironet_3800e:-:::::::*

Rows per page:

1-10 of 151

References

www.securityfocus.com/bid/107990

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-air-ap-cmdinj

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.2%

JSON

Related for NVD:CVE-2019-1829

prion1 cisco1 cvelist1 cve1