ID

VAR-201904-0412


CVE

CVE-2019-1826


TITLE

Cisco Aironet Series Access Points Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003802

DESCRIPTION

A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames by the affected device. An attacker could exploit this vulnerability by sending malformed Wi-Fi frames to an affected device. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a DoS condition. Cisco Aironet Access Points is prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCvk58560. Cisco Aironet 1560 Series APs are all products of Cisco (Cisco). There are security vulnerabilities in the quality of service (QoS) function in many Cisco products. The following products are affected: Cisco Aironet 1560 Series APs; Aironet 2800 Series APs; Aironet 3800 Series APs; Aironet 4800 Series APs

Trust: 1.98

sources: NVD: CVE-2019-1826 // JVNDB: JVNDB-2019-003802 // BID: 107988 // VULHUB: VHN-150588

AFFECTED PRODUCTS

vendor:ciscomodel:aironet access pointscope:eqversion:8.5\(131.3\)

Trust: 1.0

vendor:ciscomodel:aironet access pointscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:aironet series access pointsscope: - version: -

Trust: 0.8

vendor:ciscomodel:aironet series access pointsscope:eqversion:48000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:38000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:28000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18508.5(131.3)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:15600

Trust: 0.3

sources: BID: 107988 // JVNDB: JVNDB-2019-003802 // NVD: CVE-2019-1826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1826
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1826
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1826
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-822
value: MEDIUM

Trust: 0.6

VULHUB: VHN-150588
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1826
severity: MEDIUM
baseScore: 5.5
vectorString: AV:A/AC:L/AU:S/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150588
severity: MEDIUM
baseScore: 5.5
vectorString: AV:A/AC:L/AU:S/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1826
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1826
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-150588 // JVNDB: JVNDB-2019-003802 // CNNVD: CNNVD-201904-822 // NVD: CVE-2019-1826 // NVD: CVE-2019-1826

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-150588 // JVNDB: JVNDB-2019-003802 // NVD: CVE-2019-1826

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201904-822

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 107988 // CNNVD: CNNVD-201904-822

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003802

PATCH

title:cisco-sa-20190417-aap-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-aap-dos

Trust: 0.8

title:Multiple Cisco Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91657

Trust: 0.6

sources: JVNDB: JVNDB-2019-003802 // CNNVD: CNNVD-201904-822

EXTERNAL IDS

db:NVDid:CVE-2019-1826

Trust: 2.8

db:BIDid:107988

Trust: 2.0

db:JVNDBid:JVNDB-2019-003802

Trust: 0.8

db:CNNVDid:CNNVD-201904-822

Trust: 0.7

db:AUSCERTid:ESB-2019.1329.2

Trust: 0.6

db:VULHUBid:VHN-150588

Trust: 0.1

sources: VULHUB: VHN-150588 // BID: 107988 // JVNDB: JVNDB-2019-003802 // CNNVD: CNNVD-201904-822 // NVD: CVE-2019-1826

REFERENCES

url:http://www.securityfocus.com/bid/107988

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-aap-dos

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1826

Trust: 1.4

url:http://www.cisco.com/cisco/web/solutions/small_business/products/wireless/aironet_series_access_points/index.html

Trust: 0.9

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1826

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-air-ap-cmdinj

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79278

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1329.2/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-aironet-denial-of-service-via-quality-of-service-29076

Trust: 0.6

sources: VULHUB: VHN-150588 // BID: 107988 // JVNDB: JVNDB-2019-003802 // CNNVD: CNNVD-201904-822 // NVD: CVE-2019-1826

CREDITS

Cisco

Trust: 0.9

sources: BID: 107988 // CNNVD: CNNVD-201904-822

SOURCES

db:VULHUBid:VHN-150588
db:BIDid:107988
db:JVNDBid:JVNDB-2019-003802
db:CNNVDid:CNNVD-201904-822
db:NVDid:CVE-2019-1826

LAST UPDATE DATE

2024-08-14T13:26:41.404000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-150588date:2019-10-09T00:00:00
db:BIDid:107988date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003802date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201904-822date:2020-05-12T00:00:00
db:NVDid:CVE-2019-1826date:2019-10-09T23:48:15.940

SOURCES RELEASE DATE

db:VULHUBid:VHN-150588date:2019-04-18T00:00:00
db:BIDid:107988date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003802date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201904-822date:2019-04-17T00:00:00
db:NVDid:CVE-2019-1826date:2019-04-18T02:29:05.467