Details of VAR-201904-0415

ID

VAR-201904-0415

CVE

CVE-2019-1829

TITLE

Cisco Aironet Series Access Points Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003803

DESCRIPTION

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication. This issue being tracked by Cisco Bug ID CSCvk66471. Cisco Aironet 1540 Series APs are all products of Cisco (Cisco). There are misconfiguration vulnerabilities in the CLI of many Cisco products, which originate from unreasonable file configurations and parameter configurations during the use of network systems or components. The following products are affected: Cisco Aironet 1540 Series APs; Aironet 1560 Series APs; Aironet 1800 Series APs; Aironet 2800 Series APs; Aironet 3800 Series APs

Trust: 1.98

sources: NVD: CVE-2019-1829 // JVNDB: JVNDB-2019-003803 // BID: 107990 // VULHUB: VHN-150621

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet access point	scope:	gte	version:	8.6.101.0	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	lt	version:	8.5.140.0	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	lt	version:	8.8.111.0	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	lt	version:	8.3.150.0	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	gte	version:	8.5	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.5\(131.0\)	Trust: 1.0
vendor:	cisco	model:	aironet series access points	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	38000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	28000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18508.5(103.0)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	15600	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	15400	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	ne	version:	0	Trust: 0.3
vendor:	cisco	model:	wireless controller	scope:	ne	version:	0	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18508.9(1.107)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18508.8(111.0)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18508.8(104.31)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18508.5(140.0)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18508.5(137.33)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18508.5(131.10)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18508.3(146.1)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18508.3(144.40)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	15700	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	15500	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	15300	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	15200	Trust: 0.3

sources: BID: 107990 // JVNDB: JVNDB-2019-003803 // NVD: CVE-2019-1829

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1829
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1829
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1829
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201904-823
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-150621
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1829
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-150621
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1829
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1829
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-150621 // JVNDB: JVNDB-2019-003803 // CNNVD: CNNVD-201904-823 // NVD: CVE-2019-1829 // NVD: CVE-2019-1829

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.1
problemtype:	CWE-16	Trust: 1.0
problemtype:	CWE-287	Trust: 0.9

sources: VULHUB: VHN-150621 // JVNDB: JVNDB-2019-003803 // NVD: CVE-2019-1829

THREAT TYPE

local

Trust: 0.9

sources: BID: 107990 // CNNVD: CNNVD-201904-823

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201904-823

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003803

PATCH

title:	cisco-sa-20190417-air-ap-cmdinj	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-air-ap-cmdinj	Trust: 0.8
title:	Multiple Cisco Product configuration error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91658	Trust: 0.6

sources: JVNDB: JVNDB-2019-003803 // CNNVD: CNNVD-201904-823

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1829	Trust: 2.8
db:	BID	id:	107990	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-003803	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-823	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1329.2	Trust: 0.6
db:	VULHUB	id:	VHN-150621	Trust: 0.1

sources: VULHUB: VHN-150621 // BID: 107990 // JVNDB: JVNDB-2019-003803 // CNNVD: CNNVD-201904-823 // NVD: CVE-2019-1829

REFERENCES

url:	http://www.securityfocus.com/bid/107990	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-air-ap-cmdinj	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1829	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1829	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/79278	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1329.2/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-aironet-privilege-escalation-via-command-injection-29077	Trust: 0.6

sources: VULHUB: VHN-150621 // BID: 107990 // JVNDB: JVNDB-2019-003803 // CNNVD: CNNVD-201904-823 // NVD: CVE-2019-1829

CREDITS

Marcin Kopec and Hans Christian Rudolph of Deutsche Telekom,Marcin Kopec and Hans Christian Rudolph of Deutsche Telekom.

Trust: 0.6

sources: CNNVD: CNNVD-201904-823

SOURCES

db:	VULHUB	id:	VHN-150621
db:	BID	id:	107990
db:	JVNDB	id:	JVNDB-2019-003803
db:	CNNVD	id:	CNNVD-201904-823
db:	NVD	id:	CVE-2019-1829

LAST UPDATE DATE

2024-08-14T13:26:41.313000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-150621	date:	2020-10-16T00:00:00
db:	BID	id:	107990	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-003803	date:	2019-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201904-823	date:	2020-10-28T00:00:00
db:	NVD	id:	CVE-2019-1829	date:	2020-10-16T17:39:50.443

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-150621	date:	2019-04-18T00:00:00
db:	BID	id:	107990	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-003803	date:	2019-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201904-823	date:	2019-04-17T00:00:00
db:	NVD	id:	CVE-2019-1829	date:	2019-04-18T02:29:05.577