ID

VAR-201904-0415


CVE

CVE-2019-1829


TITLE

Cisco Aironet Series Access Points Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003803

DESCRIPTION

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication. This issue being tracked by Cisco Bug ID CSCvk66471. Cisco Aironet 1540 Series APs are all products of Cisco (Cisco). There are misconfiguration vulnerabilities in the CLI of many Cisco products, which originate from unreasonable file configurations and parameter configurations during the use of network systems or components. The following products are affected: Cisco Aironet 1540 Series APs; Aironet 1560 Series APs; Aironet 1800 Series APs; Aironet 2800 Series APs; Aironet 3800 Series APs

Trust: 1.98

sources: NVD: CVE-2019-1829 // JVNDB: JVNDB-2019-003803 // BID: 107990 // VULHUB: VHN-150621

AFFECTED PRODUCTS

vendor:ciscomodel:aironet access pointscope:gteversion:8.6.101.0

Trust: 1.0

vendor:ciscomodel:aironet access pointscope:ltversion:8.5.140.0

Trust: 1.0

vendor:ciscomodel:aironet access pointscope:ltversion:8.8.111.0

Trust: 1.0

vendor:ciscomodel:aironet access pointscope:ltversion:8.3.150.0

Trust: 1.0

vendor:ciscomodel:aironet access pointscope:gteversion:8.5

Trust: 1.0

vendor:ciscomodel:aironet access pointscope:eqversion:8.5\(131.0\)

Trust: 1.0

vendor:ciscomodel:aironet series access pointsscope: - version: -

Trust: 0.8

vendor:ciscomodel:aironet series access pointsscope:eqversion:38000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:28000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18508.5(103.0)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:15600

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:15400

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:neversion:0

Trust: 0.3

vendor:ciscomodel:wireless controllerscope:neversion:0

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:neversion:18508.9(1.107)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:neversion:18508.8(111.0)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:neversion:18508.8(104.31)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:neversion:18508.5(140.0)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:neversion:18508.5(137.33)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:neversion:18508.5(131.10)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:neversion:18508.3(146.1)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:neversion:18508.3(144.40)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:neversion:15700

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:neversion:15500

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:neversion:15300

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:neversion:15200

Trust: 0.3

sources: BID: 107990 // JVNDB: JVNDB-2019-003803 // NVD: CVE-2019-1829

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1829
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1829
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1829
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-823
value: MEDIUM

Trust: 0.6

VULHUB: VHN-150621
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1829
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150621
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1829
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1829
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-150621 // JVNDB: JVNDB-2019-003803 // CNNVD: CNNVD-201904-823 // NVD: CVE-2019-1829 // NVD: CVE-2019-1829

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-16

Trust: 1.0

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-150621 // JVNDB: JVNDB-2019-003803 // NVD: CVE-2019-1829

THREAT TYPE

local

Trust: 0.9

sources: BID: 107990 // CNNVD: CNNVD-201904-823

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201904-823

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003803

PATCH

title:cisco-sa-20190417-air-ap-cmdinjurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-air-ap-cmdinj

Trust: 0.8

title:Multiple Cisco Product configuration error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91658

Trust: 0.6

sources: JVNDB: JVNDB-2019-003803 // CNNVD: CNNVD-201904-823

EXTERNAL IDS

db:NVDid:CVE-2019-1829

Trust: 2.8

db:BIDid:107990

Trust: 2.0

db:JVNDBid:JVNDB-2019-003803

Trust: 0.8

db:CNNVDid:CNNVD-201904-823

Trust: 0.7

db:AUSCERTid:ESB-2019.1329.2

Trust: 0.6

db:VULHUBid:VHN-150621

Trust: 0.1

sources: VULHUB: VHN-150621 // BID: 107990 // JVNDB: JVNDB-2019-003803 // CNNVD: CNNVD-201904-823 // NVD: CVE-2019-1829

REFERENCES

url:http://www.securityfocus.com/bid/107990

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-air-ap-cmdinj

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1829

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1829

Trust: 0.8

url:https://www.auscert.org.au/bulletins/79278

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1329.2/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-aironet-privilege-escalation-via-command-injection-29077

Trust: 0.6

sources: VULHUB: VHN-150621 // BID: 107990 // JVNDB: JVNDB-2019-003803 // CNNVD: CNNVD-201904-823 // NVD: CVE-2019-1829

CREDITS

Marcin Kopec and Hans Christian Rudolph of Deutsche Telekom,Marcin Kopec and Hans Christian Rudolph of Deutsche Telekom.

Trust: 0.6

sources: CNNVD: CNNVD-201904-823

SOURCES

db:VULHUBid:VHN-150621
db:BIDid:107990
db:JVNDBid:JVNDB-2019-003803
db:CNNVDid:CNNVD-201904-823
db:NVDid:CVE-2019-1829

LAST UPDATE DATE

2024-08-14T13:26:41.313000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-150621date:2020-10-16T00:00:00
db:BIDid:107990date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003803date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201904-823date:2020-10-28T00:00:00
db:NVDid:CVE-2019-1829date:2020-10-16T17:39:50.443

SOURCES RELEASE DATE

db:VULHUBid:VHN-150621date:2019-04-18T00:00:00
db:BIDid:107990date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003803date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201904-823date:2019-04-17T00:00:00
db:NVDid:CVE-2019-1829date:2019-04-18T02:29:05.577