Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-15260

A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the AP, creating a denial of service (DoS) condition for clients associated with the AP.

Published

2019-10-16T19:15:13.723

Last Modified

2024-11-21T04:28:18.930

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-284
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	aironet_1540_firmware	< 8.5.151.0	Yes
Operating System	cisco	aironet_1540_firmware	< 8.8.120.0	Yes
Hardware	cisco	aironet_1540	-	No
Operating System	cisco	aironet_1560_firmware	< 8.5.151.0	Yes
Operating System	cisco	aironet_1560_firmware	< 8.8.120.0	Yes
Hardware	cisco	aironet_1560	-	No
Operating System	cisco	aironet_1800_firmware	< 8.5.151.0	Yes
Operating System	cisco	aironet_1800_firmware	< 8.8.120.0	Yes
Hardware	cisco	aironet_1800	-	No
Operating System	cisco	aironet_2800_firmware	< 8.5.151.0	Yes
Operating System	cisco	aironet_2800_firmware	< 8.8.120.0	Yes
Hardware	cisco	aironet_2800	-	No
Operating System	cisco	aironet_3800_firmware	< 8.5.151.0	Yes
Operating System	cisco	aironet_3800_firmware	< 8.8.120.0	Yes
Hardware	cisco	aironet_3800	-	No
Operating System	cisco	aironet_4800_firmware	< 8.5.151.0	Yes
Operating System	cisco	aironet_4800_firmware	< 8.8.120.0	Yes
Hardware	cisco	aironet_4800	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)