Details of VAR-201904-0434

ID

VAR-201904-0434

CVE

CVE-2019-1835

TITLE

Cisco Aironet Access Points Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003524

DESCRIPTION

A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerability by accessing the CLI of an affected AP with administrator privileges and issuing crafted commands that result in directory traversal. A successful exploit could allow the attacker to view system files on the affected device, which could contain sensitive information. Software versions 8.8 and 8.9 are affected. This issue is being tracked by Cisco Bug ID's CSCvk79392. The following products are vulnerable: Aironet 1540 Series APs Aironet 1560 Series APs Aironet 1800 Series APs Aironet 2800 Series APs Aironet 3800 Series APs. The vulnerability stems from the failure of network systems or products to properly filter resources or special elements in file paths

Trust: 1.98

sources: NVD: CVE-2019-1835 // JVNDB: JVNDB-2019-003524 // BID: 108001 // VULHUB: VHN-150687

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.9	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.8	Trust: 1.0
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.8	Trust: 0.8
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.9	Trust: 0.8
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	38000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	28000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18508.8	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	15600	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	15400	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18508.9(1.164)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18508.8(114.30)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18508.8(111.0)	Trust: 0.3

sources: BID: 108001 // JVNDB: JVNDB-2019-003524 // NVD: CVE-2019-1835

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1835
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1835
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1835
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201904-825
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-150687
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-1835
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-150687
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1835
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-150687 // JVNDB: JVNDB-2019-003524 // CNNVD: CNNVD-201904-825 // NVD: CVE-2019-1835 // NVD: CVE-2019-1835

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-150687 // JVNDB: JVNDB-2019-003524 // NVD: CVE-2019-1835

THREAT TYPE

local

Trust: 0.9

sources: BID: 108001 // CNNVD: CNNVD-201904-825

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201904-825

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003524

PATCH

title:	cisco-sa-20190417-air-ap-traversal	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-air-ap-traversal	Trust: 0.8
title:	Multiple Cisco product CLI Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91660	Trust: 0.6

sources: JVNDB: JVNDB-2019-003524 // CNNVD: CNNVD-201904-825

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1835	Trust: 2.8
db:	BID	id:	108001	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-003524	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-825	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1329.2	Trust: 0.6
db:	VULHUB	id:	VHN-150687	Trust: 0.1

sources: VULHUB: VHN-150687 // BID: 108001 // JVNDB: JVNDB-2019-003524 // CNNVD: CNNVD-201904-825 // NVD: CVE-2019-1835

REFERENCES

url:	http://www.securityfocus.com/bid/108001	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-air-ap-traversal	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1835	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1835	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-air-ap-cmdinj	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/79278	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1329.2/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-aironet-directory-traversal-via-cli-commands-29079	Trust: 0.6

sources: VULHUB: VHN-150687 // BID: 108001 // JVNDB: JVNDB-2019-003524 // CNNVD: CNNVD-201904-825 // NVD: CVE-2019-1835

CREDITS

Cisco.

Trust: 0.9

sources: BID: 108001 // CNNVD: CNNVD-201904-825

SOURCES

db:	VULHUB	id:	VHN-150687
db:	BID	id:	108001
db:	JVNDB	id:	JVNDB-2019-003524
db:	CNNVD	id:	CNNVD-201904-825
db:	NVD	id:	CVE-2019-1835

LAST UPDATE DATE

2024-08-14T13:26:41.436000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-150687	date:	2019-10-09T00:00:00
db:	BID	id:	108001	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-003524	date:	2019-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201904-825	date:	2020-05-12T00:00:00
db:	NVD	id:	CVE-2019-1835	date:	2019-10-09T23:48:17.427

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-150687	date:	2019-04-18T00:00:00
db:	BID	id:	108001	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-003524	date:	2019-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201904-825	date:	2019-04-17T00:00:00
db:	NVD	id:	CVE-2019-1835	date:	2019-04-18T02:29:05.903