Details of VAR-201904-0433

ID

VAR-201904-0433

CVE

CVE-2019-1834

TITLE

Cisco Aironet Series Access Points Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003523

DESCRIPTION

A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is connected has port security configured. The vulnerability exists because the AP forwards some malformed wireless client packets outside of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel. An attacker could exploit this vulnerability by sending crafted wireless packets to an affected AP. A successful exploit could allow the attacker to trigger a security violation on the adjacent switch port, which could result in a DoS condition. Note: Though the Common Vulnerability Scoring System (CVSS) score corresponds to a High Security Impact Rating (SIR), this vulnerability is considered Medium because a workaround is available and exploitation requires a specific switch configuration. There are workarounds that address this vulnerability. Cisco Aironet Series Access Points (APs) Contains an input validation vulnerability.Denial of service (DoS) May be in a state. Cisco Aironet Access Points is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial of service condition. This issue is being tracked by Cisco Bug IDs CSCvj96316, CSCvm97169. Cisco Aironet 1540 Series APs are all products of Cisco (Cisco). An input validation error vulnerability exists in the internal packet processing of several Cisco products. The vulnerability is caused by the network system or product not properly validating the input data. The following products are affected: Cisco Aironet 1540 Series APs; Aironet 1560 Series APs; Aironet 1800 Series APs; Aironet 2800 Series APs; Aironet 3800 Series APs

Trust: 1.98

sources: NVD: CVE-2019-1834 // JVNDB: JVNDB-2019-003523 // BID: 108000 // VULHUB: VHN-150676

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet access point	scope:	lt	version:	8.9.100.0	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	gte	version:	8.8.120.0	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	gte	version:	8.6.101.0	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	lt	version:	8.8.111.0	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	lt	version:	8.5.140.0	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	gte	version:	8.5	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.5\(131.0\)	Trust: 1.0
vendor:	cisco	model:	aironet access point software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	38000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	28000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18508.5(131.0)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	15600	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	15400	Trust: 0.3

sources: BID: 108000 // JVNDB: JVNDB-2019-003523 // NVD: CVE-2019-1834

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1834
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1834
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1834
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201904-824
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-150676
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-1834
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-150676
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1834
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8
ykramarz@cisco.com:	CVE-2019-1834
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-150676 // JVNDB: JVNDB-2019-003523 // CNNVD: CNNVD-201904-824 // NVD: CVE-2019-1834 // NVD: CVE-2019-1834

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-150676 // JVNDB: JVNDB-2019-003523 // NVD: CVE-2019-1834

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201904-824

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-824

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003523

PATCH

title:	cisco-sa-20190417-air-ap-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-air-ap-dos	Trust: 0.8
title:	Multiple Cisco Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91659	Trust: 0.6

sources: JVNDB: JVNDB-2019-003523 // CNNVD: CNNVD-201904-824

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1834	Trust: 2.8
db:	BID	id:	108000	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-003523	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-824	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1329.2	Trust: 0.6
db:	VULHUB	id:	VHN-150676	Trust: 0.1

sources: VULHUB: VHN-150676 // BID: 108000 // JVNDB: JVNDB-2019-003523 // CNNVD: CNNVD-201904-824 // NVD: CVE-2019-1834

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-air-ap-dos	Trust: 2.6
url:	http://www.securityfocus.com/bid/108000	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1834	Trust: 1.4
url:	http://www.cisco.com/cisco/web/solutions/small_business/products/wireless/aironet_series_access_points/index.html	Trust: 0.9
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1834	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-air-ap-cmdinj	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/79278	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1329.2/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-aironet-denial-of-service-via-malformed-wireless-client-packets-29078	Trust: 0.6

sources: VULHUB: VHN-150676 // BID: 108000 // JVNDB: JVNDB-2019-003523 // CNNVD: CNNVD-201904-824 // NVD: CVE-2019-1834

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.,Cisco

Trust: 0.6

sources: CNNVD: CNNVD-201904-824

SOURCES

db:	VULHUB	id:	VHN-150676
db:	BID	id:	108000
db:	JVNDB	id:	JVNDB-2019-003523
db:	CNNVD	id:	CNNVD-201904-824
db:	NVD	id:	CVE-2019-1834

LAST UPDATE DATE

2024-08-14T13:26:41.373000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-150676	date:	2019-10-09T00:00:00
db:	BID	id:	108000	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-003523	date:	2019-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201904-824	date:	2020-05-12T00:00:00
db:	NVD	id:	CVE-2019-1834	date:	2019-10-09T23:48:17.253

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-150676	date:	2019-04-18T00:00:00
db:	BID	id:	108000	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-003523	date:	2019-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201904-824	date:	2019-04-17T00:00:00
db:	NVD	id:	CVE-2019-1834	date:	2019-04-18T02:29:05.843