Sign-up

ID

VAR-201904-0412


CVE

CVE-2019-1826


TITLE

Cisco Aironet Series Access Points Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003802

DESCRIPTION

A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames by the affected device. An attacker could exploit this vulnerability by sending malformed Wi-Fi frames to an affected device. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a DoS condition. Cisco Aironet Access Points is prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCvk58560. Cisco Aironet 1560 Series APs are all products of Cisco (Cisco). There are security vulnerabilities in the quality of service (QoS) function in many Cisco products. The following products are affected: Cisco Aironet 1560 Series APs; Aironet 2800 Series APs; Aironet 3800 Series APs; Aironet 4800 Series APs

Trust: 1.98

sources: NVD: CVE-2019-1826 // JVNDB: JVNDB-2019-003802 // BID: 107988 // VULHUB: VHN-150588

AFFECTED PRODUCTS

vendor:ciscomodel:aironet access pointscope:eqversion:8.5\(131.3\)

Trust: 1.0

vendor:ciscomodel:aironet access pointscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:aironet series access pointsscope: - version: -

Trust: 0.8

vendor:ciscomodel:aironet series access pointsscope:eqversion:48000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:38000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:28000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18508.5(131.3)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:15600

Trust: 0.3

sources: BID: 107988 // JVNDB: JVNDB-2019-003802 // NVD: CVE-2019-1826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1826
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1826
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1826
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-822
value: MEDIUM

Trust: 0.6

VULHUB: VHN-150588
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1826
severity: MEDIUM
baseScore: 5.5
vectorString: AV:A/AC:L/AU:S/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150588
severity: MEDIUM
baseScore: 5.5
vectorString: AV:A/AC:L/AU:S/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1826
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1826
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-150588 // JVNDB: JVNDB-2019-003802 // CNNVD: CNNVD-201904-822 // NVD: CVE-2019-1826 // NVD: CVE-2019-1826

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-150588 // JVNDB: JVNDB-2019-003802 // NVD: CVE-2019-1826

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201904-822

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 107988 // CNNVD: CNNVD-201904-822

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003802

PATCH
title:cisco-sa-20190417-aap-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-aap-dos
Trust: 0.8
title:Multiple Cisco Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91657
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003802 // 
            
            
            
            CNNVD: CNNVD-201904-822

EXTERNAL IDS
db:NVDid:CVE-2019-1826
Trust: 2.8
db:BIDid:107988
Trust: 2.0
db:JVNDBid:JVNDB-2019-003802
Trust: 0.8
db:CNNVDid:CNNVD-201904-822
Trust: 0.7
db:AUSCERTid:ESB-2019.1329.2
Trust: 0.6
db:VULHUBid:VHN-150588
Trust: 0.1
sources:
            
            
            VULHUB: VHN-150588 // 
            
            
            
            BID: 107988 // 
            
            
            
            JVNDB: JVNDB-2019-003802 // 
            
            
            
            CNNVD: CNNVD-201904-822 // 
            
            
            
            NVD: CVE-2019-1826

REFERENCES
url:http://www.securityfocus.com/bid/107988
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-aap-dos
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-1826
Trust: 1.4
url:http://www.cisco.com/cisco/web/solutions/small_business/products/wireless/aironet_series_access_points/index.html
Trust: 0.9
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1826
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-air-ap-cmdinj
Trust: 0.6
url:https://www.auscert.org.au/bulletins/79278
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.1329.2/
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-aironet-denial-of-service-via-quality-of-service-29076
Trust: 0.6
sources:
            
            
            VULHUB: VHN-150588 // 
            
            
            
            BID: 107988 // 
            
            
            
            JVNDB: JVNDB-2019-003802 // 
            
            
            
            CNNVD: CNNVD-201904-822 // 
            
            
            
            NVD: CVE-2019-1826

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 107988 // 
            
            
            
            CNNVD: CNNVD-201904-822

SOURCES
db:VULHUBid:VHN-150588
db:BIDid:107988
db:JVNDBid:JVNDB-2019-003802
db:CNNVDid:CNNVD-201904-822
db:NVDid:CVE-2019-1826

LAST UPDATE DATE
2024-08-14T13:26:41.404000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-150588date:2019-10-09T00:00:00
db:BIDid:107988date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003802date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201904-822date:2020-05-12T00:00:00
db:NVDid:CVE-2019-1826date:2019-10-09T23:48:15.940

SOURCES RELEASE DATE
db:VULHUBid:VHN-150588date:2019-04-18T00:00:00
db:BIDid:107988date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003802date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201904-822date:2019-04-17T00:00:00
db:NVDid:CVE-2019-1826date:2019-04-18T02:29:05.467