Details of VAR-201902-0459

ID

VAR-201902-0459

CVE

CVE-2019-1675

TITLE

Cisco Aironet Active Sensor Trust Management Issue Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-14719 // CNNVD: CNNVD-201902-296

DESCRIPTION

A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker could exploit this vulnerability by guessing the account name and password to access the CLI. A successful exploit could allow the attacker to reboot the device repeatedly, creating a denial of service (DoS) condition. It is not possible to change the configuration or view sensitive data with this account. Versions prior to DNAC1.2.8 are affected. This product is mainly used to monitor wireless network performance. This issue is being tracked by Cisco Bug ID CSCvn36382

Trust: 2.61

sources: NVD: CVE-2019-1675 // JVNDB: JVNDB-2019-001666 // CNVD: CNVD-2020-14719 // BID: 106944 // VULHUB: VHN-148927 // VULMON: CVE-2019-1675

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-14719

AFFECTED PRODUCTS

vendor:	cisco	model:	digital network architecture center	scope:	lt	version:	1.2.8	Trust: 2.4
vendor:	cisco	model:	aironet active sensor	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	aironet active sensor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	network integration applications dnac1.2.5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	network integration applications dnac1.2.8	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2020-14719 // BID: 106944 // JVNDB: JVNDB-2019-001666 // NVD: CVE-2019-1675

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1675
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1675
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1675
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-14719
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201902-296
value:	HIGH
Trust: 0.6
VULHUB:	VHN-148927
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-1675
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1675
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-14719
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-148927
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1675
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 2.8

sources: CNVD: CNVD-2020-14719 // VULHUB: VHN-148927 // VULMON: CVE-2019-1675 // JVNDB: JVNDB-2019-001666 // CNNVD: CNNVD-201902-296 // NVD: CVE-2019-1675 // NVD: CVE-2019-1675

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-148927 // JVNDB: JVNDB-2019-001666 // NVD: CVE-2019-1675

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-296

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201902-296

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001666

PATCH

title:	cisco-sa-20190206-aas-creds	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-aas-creds	Trust: 0.8
title:	Patch for Cisco Aironet Active Sensor Trust Management Issue Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/206141	Trust: 0.6
title:	Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89106	Trust: 0.6
title:	Cisco: Cisco Aironet Active Sensor Static Credentials Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190206-aas-creds	Trust: 0.1
title:	-	url:	https://github.com/ExpLangcn/FuYao-Go	Trust: 0.1

sources: CNVD: CNVD-2020-14719 // VULMON: CVE-2019-1675 // JVNDB: JVNDB-2019-001666 // CNNVD: CNNVD-201902-296

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1675	Trust: 3.5
db:	BID	id:	106944	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-001666	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-296	Trust: 0.7
db:	CNVD	id:	CNVD-2020-14719	Trust: 0.6
db:	VULHUB	id:	VHN-148927	Trust: 0.1
db:	VULMON	id:	CVE-2019-1675	Trust: 0.1

sources: CNVD: CNVD-2020-14719 // VULHUB: VHN-148927 // VULMON: CVE-2019-1675 // BID: 106944 // JVNDB: JVNDB-2019-001666 // CNNVD: CNNVD-201902-296 // NVD: CVE-2019-1675

REFERENCES

url:	http://www.securityfocus.com/bid/106944	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1675	Trust: 2.0
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190206-aas-creds	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1675	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190206-aas-credsvendor advisory	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2020-14719 // VULHUB: VHN-148927 // BID: 106944 // JVNDB: JVNDB-2019-001666 // CNNVD: CNNVD-201902-296 // NVD: CVE-2019-1675

CREDITS

This vulnerability was found during internal security testing.,Cisco

Trust: 0.6

sources: CNNVD: CNNVD-201902-296

SOURCES

db:	CNVD	id:	CNVD-2020-14719
db:	VULHUB	id:	VHN-148927
db:	VULMON	id:	CVE-2019-1675
db:	BID	id:	106944
db:	JVNDB	id:	JVNDB-2019-001666
db:	CNNVD	id:	CNNVD-201902-296
db:	NVD	id:	CVE-2019-1675

LAST UPDATE DATE

2024-11-23T23:11:55.509000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-14719	date:	2020-03-01T00:00:00
db:	VULHUB	id:	VHN-148927	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2019-1675	date:	2019-10-09T00:00:00
db:	BID	id:	106944	date:	2019-02-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-001666	date:	2019-03-20T00:00:00
db:	CNNVD	id:	CNNVD-201902-296	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-1675	date:	2024-11-21T04:37:04.377

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-14719	date:	2020-03-01T00:00:00
db:	VULHUB	id:	VHN-148927	date:	2019-02-07T00:00:00
db:	VULMON	id:	CVE-2019-1675	date:	2019-02-07T00:00:00
db:	BID	id:	106944	date:	2019-02-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-001666	date:	2019-03-20T00:00:00
db:	CNNVD	id:	CNNVD-201902-296	date:	2019-02-06T00:00:00
db:	NVD	id:	CVE-2019-1675	date:	2019-02-07T20:29:00.277