Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1835

A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerability by accessing the CLI of an affected AP with administrator privileges and issuing crafted commands that result in directory traversal. A successful exploit could allow the attacker to view system files on the affected device, which could contain sensitive information. Software versions 8.8 and 8.9 are affected.

Published

2019-04-18T02:29:05.903

Last Modified

2024-11-21T04:37:29.893

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-22
  • Type: Primary
    CWE-22
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco aironet_access_point_firmware 8.8 Yes
Operating System cisco aironet_access_point_firmware 8.9 Yes
Hardware cisco aironet_1542d - No
Hardware cisco aironet_1542i - No
Hardware cisco aironet_1562d - No
Hardware cisco aironet_1562e - No
Hardware cisco aironet_1562i - No
Hardware cisco aironet_1800i - No
Hardware cisco aironet_1850e - No
Hardware cisco aironet_1850i - No
Hardware cisco aironet_2800e - No
Hardware cisco aironet_2800i - No
Hardware cisco aironet_3800e - No
Hardware cisco aironet_3800i - No
Hardware cisco aironet_3800p - No
References