ID

VAR-201904-0411


CVE

CVE-2019-1654


TITLE

Cisco AP-COS Vulnerability related to access control in operating system

Trust: 0.8

sources: JVNDB: JVNDB-2019-003482

DESCRIPTION

A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the underlying Linux OS. The attacker would need valid device credentials. The vulnerability exists because the software improperly validates user-supplied input at the CLI authentication prompt for development shell access. An attacker could exploit this vulnerability by authenticating to the device and entering crafted input at the CLI. A successful exploit could allow the attacker to access the AP development shell without proper authentication, which allows for root access to the underlying Linux OS. Software versions prior to 8.3.150.0, 8.5.135.0, and 8.8.100.0 are affected. Cisco AP-COS There are vulnerabilities related to access control in the operating system.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Aironet Access Points is prone to an access-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in launching further attacks. This issue is tracked by Cisco Bug ID CSCvk42764

Trust: 1.89

sources: NVD: CVE-2019-1654 // JVNDB: JVNDB-2019-003482 // BID: 107991

AFFECTED PRODUCTS

vendor:ciscomodel:ap-cosscope:gteversion:8.5.140.0

Trust: 1.0

vendor:ciscomodel:ap-cosscope:ltversion:8.5.135.0

Trust: 1.0

vendor:ciscomodel:ap-cosscope:ltversion:8.8.100.0

Trust: 1.0

vendor:ciscomodel:ap-cosscope:gteversion:8.4.100.0

Trust: 1.0

vendor:ciscomodel:ap-cosscope:ltversion:8.3.150.0

Trust: 1.0

vendor:ciscomodel:ap-cosscope: - version: -

Trust: 0.8

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.8

Trust: 0.3

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.7

Trust: 0.3

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.6

Trust: 0.3

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.5

Trust: 0.3

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.4

Trust: 0.3

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.3

Trust: 0.3

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.2

Trust: 0.3

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.1

Trust: 0.3

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.0

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:38000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:28000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18508.7(106.0)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18508.5(131.0)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18508.3(143.0)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:15600

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:15400

Trust: 0.3

vendor:ciscomodel:aironet access point softwarescope:neversion:8.8.120.0

Trust: 0.3

vendor:ciscomodel:aironet access point softwarescope:neversion:8.8.100.0

Trust: 0.3

vendor:ciscomodel:aironet access point softwarescope:neversion:8.5.140.0

Trust: 0.3

vendor:ciscomodel:aironet access point softwarescope:neversion:8.5.135.0

Trust: 0.3

vendor:ciscomodel:aironet access point softwarescope:neversion:8.3.150.0

Trust: 0.3

sources: BID: 107991 // JVNDB: JVNDB-2019-003482 // NVD: CVE-2019-1654

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1654
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1654
value: HIGH

Trust: 1.0

NVD: CVE-2019-1654
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-833
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-1654
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1654
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1654
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: JVNDB: JVNDB-2019-003482 // CNNVD: CNNVD-201904-833 // NVD: CVE-2019-1654 // NVD: CVE-2019-1654

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-255

Trust: 1.0

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2019-003482 // NVD: CVE-2019-1654

THREAT TYPE

local

Trust: 0.9

sources: BID: 107991 // CNNVD: CNNVD-201904-833

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201904-833

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003482

PATCH

title:cisco-sa-20190417-aironet-shellurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-aironet-shell

Trust: 0.8

title:Multiple Cisco Repair measures for product trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91668

Trust: 0.6

sources: JVNDB: JVNDB-2019-003482 // CNNVD: CNNVD-201904-833

EXTERNAL IDS

db:NVDid:CVE-2019-1654

Trust: 2.7

db:BIDid:107991

Trust: 1.9

db:JVNDBid:JVNDB-2019-003482

Trust: 0.8

db:AUSCERTid:ESB-2019.1329.2

Trust: 0.6

db:CNNVDid:CNNVD-201904-833

Trust: 0.6

sources: BID: 107991 // JVNDB: JVNDB-2019-003482 // CNNVD: CNNVD-201904-833 // NVD: CVE-2019-1654

REFERENCES

url:http://www.securityfocus.com/bid/107991

Trust: 2.2

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-aironet-shell

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-1654

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1654

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-air-ap-cmdinj

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-aironet-privilege-escalation-via-development-shell-29080

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79278

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1329.2/

Trust: 0.6

sources: BID: 107991 // JVNDB: JVNDB-2019-003482 // CNNVD: CNNVD-201904-833 // NVD: CVE-2019-1654

CREDITS

Marcin Kopec and Hans Christian Rudolph of Deutsche Telekom

Trust: 0.9

sources: BID: 107991 // CNNVD: CNNVD-201904-833

SOURCES

db:BIDid:107991
db:JVNDBid:JVNDB-2019-003482
db:CNNVDid:CNNVD-201904-833
db:NVDid:CVE-2019-1654

LAST UPDATE DATE

2024-08-14T13:26:41.345000+00:00


SOURCES UPDATE DATE

db:BIDid:107991date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003482date:2019-05-17T00:00:00
db:CNNVDid:CNNVD-201904-833date:2020-10-19T00:00:00
db:NVDid:CVE-2019-1654date:2020-10-16T13:02:41.017

SOURCES RELEASE DATE

db:BIDid:107991date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003482date:2019-05-17T00:00:00
db:CNNVDid:CNNVD-201904-833date:2019-04-17T00:00:00
db:NVDid:CVE-2019-1654date:2019-04-17T22:29:00.327