Details of VAR-201904-0411

ID

VAR-201904-0411

CVE

CVE-2019-1654

TITLE

Cisco AP-COS Vulnerability related to access control in operating system

Trust: 0.8

sources: JVNDB: JVNDB-2019-003482

DESCRIPTION

A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the underlying Linux OS. The attacker would need valid device credentials. The vulnerability exists because the software improperly validates user-supplied input at the CLI authentication prompt for development shell access. An attacker could exploit this vulnerability by authenticating to the device and entering crafted input at the CLI. A successful exploit could allow the attacker to access the AP development shell without proper authentication, which allows for root access to the underlying Linux OS. Software versions prior to 8.3.150.0, 8.5.135.0, and 8.8.100.0 are affected. Cisco AP-COS There are vulnerabilities related to access control in the operating system.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Aironet Access Points is prone to an access-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in launching further attacks. This issue is tracked by Cisco Bug ID CSCvk42764

Trust: 1.89

sources: NVD: CVE-2019-1654 // JVNDB: JVNDB-2019-003482 // BID: 107991

AFFECTED PRODUCTS

vendor:	cisco	model:	ap-cos	scope:	gte	version:	8.5.140.0	Trust: 1.0
vendor:	cisco	model:	ap-cos	scope:	lt	version:	8.5.135.0	Trust: 1.0
vendor:	cisco	model:	ap-cos	scope:	lt	version:	8.8.100.0	Trust: 1.0
vendor:	cisco	model:	ap-cos	scope:	gte	version:	8.4.100.0	Trust: 1.0
vendor:	cisco	model:	ap-cos	scope:	lt	version:	8.3.150.0	Trust: 1.0
vendor:	cisco	model:	ap-cos	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.8	Trust: 0.3
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.7	Trust: 0.3
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.5	Trust: 0.3
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.4	Trust: 0.3
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.3	Trust: 0.3
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.2	Trust: 0.3
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.1	Trust: 0.3
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	38000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	28000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18508.7(106.0)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18508.5(131.0)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18508.3(143.0)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	15600	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	15400	Trust: 0.3
vendor:	cisco	model:	aironet access point software	scope:	ne	version:	8.8.120.0	Trust: 0.3
vendor:	cisco	model:	aironet access point software	scope:	ne	version:	8.8.100.0	Trust: 0.3
vendor:	cisco	model:	aironet access point software	scope:	ne	version:	8.5.140.0	Trust: 0.3
vendor:	cisco	model:	aironet access point software	scope:	ne	version:	8.5.135.0	Trust: 0.3
vendor:	cisco	model:	aironet access point software	scope:	ne	version:	8.3.150.0	Trust: 0.3

sources: BID: 107991 // JVNDB: JVNDB-2019-003482 // NVD: CVE-2019-1654

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1654
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1654
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1654
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201904-833
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-1654
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

ykramarz@cisco.com:	CVE-2019-1654
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1654
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: JVNDB: JVNDB-2019-003482 // CNNVD: CNNVD-201904-833 // NVD: CVE-2019-1654 // NVD: CVE-2019-1654

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	CWE-255	Trust: 1.0
problemtype:	CWE-284	Trust: 0.8

sources: JVNDB: JVNDB-2019-003482 // NVD: CVE-2019-1654

THREAT TYPE

local

Trust: 0.9

sources: BID: 107991 // CNNVD: CNNVD-201904-833

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201904-833

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003482

PATCH

title:	cisco-sa-20190417-aironet-shell	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-aironet-shell	Trust: 0.8
title:	Multiple Cisco Repair measures for product trust management problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91668	Trust: 0.6

sources: JVNDB: JVNDB-2019-003482 // CNNVD: CNNVD-201904-833

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1654	Trust: 2.7
db:	BID	id:	107991	Trust: 1.9
db:	JVNDB	id:	JVNDB-2019-003482	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.1329.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-201904-833	Trust: 0.6

sources: BID: 107991 // JVNDB: JVNDB-2019-003482 // CNNVD: CNNVD-201904-833 // NVD: CVE-2019-1654

REFERENCES

url:	http://www.securityfocus.com/bid/107991	Trust: 2.2
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-aironet-shell	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1654	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1654	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-air-ap-cmdinj	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-aironet-privilege-escalation-via-development-shell-29080	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/79278	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1329.2/	Trust: 0.6

sources: BID: 107991 // JVNDB: JVNDB-2019-003482 // CNNVD: CNNVD-201904-833 // NVD: CVE-2019-1654

CREDITS

Marcin Kopec and Hans Christian Rudolph of Deutsche Telekom

Trust: 0.9

sources: BID: 107991 // CNNVD: CNNVD-201904-833

SOURCES

db:	BID	id:	107991
db:	JVNDB	id:	JVNDB-2019-003482
db:	CNNVD	id:	CNNVD-201904-833
db:	NVD	id:	CVE-2019-1654

LAST UPDATE DATE

2024-08-14T13:26:41.345000+00:00

SOURCES UPDATE DATE

db:	BID	id:	107991	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-003482	date:	2019-05-17T00:00:00
db:	CNNVD	id:	CNNVD-201904-833	date:	2020-10-19T00:00:00
db:	NVD	id:	CVE-2019-1654	date:	2020-10-16T13:02:41.017

SOURCES RELEASE DATE

db:	BID	id:	107991	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-003482	date:	2019-05-17T00:00:00
db:	CNNVD	id:	CNNVD-201904-833	date:	2019-04-17T00:00:00
db:	NVD	id:	CVE-2019-1654	date:	2019-04-17T22:29:00.327