ID

VAR-201904-0433


CVE

CVE-2019-1834


TITLE

Cisco Aironet Series Access Points Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003523

DESCRIPTION

A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is connected has port security configured. The vulnerability exists because the AP forwards some malformed wireless client packets outside of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel. An attacker could exploit this vulnerability by sending crafted wireless packets to an affected AP. A successful exploit could allow the attacker to trigger a security violation on the adjacent switch port, which could result in a DoS condition. Note: Though the Common Vulnerability Scoring System (CVSS) score corresponds to a High Security Impact Rating (SIR), this vulnerability is considered Medium because a workaround is available and exploitation requires a specific switch configuration. There are workarounds that address this vulnerability. Cisco Aironet Series Access Points (APs) Contains an input validation vulnerability.Denial of service (DoS) May be in a state. Cisco Aironet Access Points is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial of service condition. This issue is being tracked by Cisco Bug IDs CSCvj96316, CSCvm97169. Cisco Aironet 1540 Series APs are all products of Cisco (Cisco). An input validation error vulnerability exists in the internal packet processing of several Cisco products. The vulnerability is caused by the network system or product not properly validating the input data. The following products are affected: Cisco Aironet 1540 Series APs; Aironet 1560 Series APs; Aironet 1800 Series APs; Aironet 2800 Series APs; Aironet 3800 Series APs

Trust: 1.98

sources: NVD: CVE-2019-1834 // JVNDB: JVNDB-2019-003523 // BID: 108000 // VULHUB: VHN-150676

AFFECTED PRODUCTS

vendor:ciscomodel:aironet access pointscope:ltversion:8.9.100.0

Trust: 1.0

vendor:ciscomodel:aironet access pointscope:gteversion:8.8.120.0

Trust: 1.0

vendor:ciscomodel:aironet access pointscope:gteversion:8.6.101.0

Trust: 1.0

vendor:ciscomodel:aironet access pointscope:ltversion:8.8.111.0

Trust: 1.0

vendor:ciscomodel:aironet access pointscope:ltversion:8.5.140.0

Trust: 1.0

vendor:ciscomodel:aironet access pointscope:gteversion:8.5

Trust: 1.0

vendor:ciscomodel:aironet access pointscope:eqversion:8.5\(131.0\)

Trust: 1.0

vendor:ciscomodel:aironet access point softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:aironet series access pointsscope:eqversion:38000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:28000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18508.5(131.0)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:15600

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:15400

Trust: 0.3

sources: BID: 108000 // JVNDB: JVNDB-2019-003523 // NVD: CVE-2019-1834

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1834
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1834
value: HIGH

Trust: 1.0

NVD: CVE-2019-1834
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-824
value: MEDIUM

Trust: 0.6

VULHUB: VHN-150676
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-1834
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150676
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1834
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1834
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-150676 // JVNDB: JVNDB-2019-003523 // CNNVD: CNNVD-201904-824 // NVD: CVE-2019-1834 // NVD: CVE-2019-1834

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-150676 // JVNDB: JVNDB-2019-003523 // NVD: CVE-2019-1834

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201904-824

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-824

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003523

PATCH

title:cisco-sa-20190417-air-ap-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-air-ap-dos

Trust: 0.8

title:Multiple Cisco Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91659

Trust: 0.6

sources: JVNDB: JVNDB-2019-003523 // CNNVD: CNNVD-201904-824

EXTERNAL IDS

db:NVDid:CVE-2019-1834

Trust: 2.8

db:BIDid:108000

Trust: 2.0

db:JVNDBid:JVNDB-2019-003523

Trust: 0.8

db:CNNVDid:CNNVD-201904-824

Trust: 0.7

db:AUSCERTid:ESB-2019.1329.2

Trust: 0.6

db:VULHUBid:VHN-150676

Trust: 0.1

sources: VULHUB: VHN-150676 // BID: 108000 // JVNDB: JVNDB-2019-003523 // CNNVD: CNNVD-201904-824 // NVD: CVE-2019-1834

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-air-ap-dos

Trust: 2.6

url:http://www.securityfocus.com/bid/108000

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-1834

Trust: 1.4

url:http://www.cisco.com/cisco/web/solutions/small_business/products/wireless/aironet_series_access_points/index.html

Trust: 0.9

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1834

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-air-ap-cmdinj

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79278

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1329.2/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-aironet-denial-of-service-via-malformed-wireless-client-packets-29078

Trust: 0.6

sources: VULHUB: VHN-150676 // BID: 108000 // JVNDB: JVNDB-2019-003523 // CNNVD: CNNVD-201904-824 // NVD: CVE-2019-1834

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.,Cisco

Trust: 0.6

sources: CNNVD: CNNVD-201904-824

SOURCES

db:VULHUBid:VHN-150676
db:BIDid:108000
db:JVNDBid:JVNDB-2019-003523
db:CNNVDid:CNNVD-201904-824
db:NVDid:CVE-2019-1834

LAST UPDATE DATE

2024-08-14T13:26:41.373000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-150676date:2019-10-09T00:00:00
db:BIDid:108000date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003523date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-824date:2020-05-12T00:00:00
db:NVDid:CVE-2019-1834date:2019-10-09T23:48:17.253

SOURCES RELEASE DATE

db:VULHUBid:VHN-150676date:2019-04-18T00:00:00
db:BIDid:108000date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003523date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-824date:2019-04-17T00:00:00
db:NVDid:CVE-2019-1834date:2019-04-18T02:29:05.843