ID

VAR-201907-0862


CVE

CVE-2019-1920


TITLE

Cisco IOS Access Points Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006932

DESCRIPTION

A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. The vulnerability is due to incomplete error handling for client authentication requests sent to a targeted interface configured for FT. An attacker could exploit this vulnerability by sending crafted authentication request traffic to the targeted interface, causing the device to restart unexpectedly and resulting in a DoS condition. This issue is being tracked by Cisco Bug ID CSCvg95745.

Trust: 2.07

sources: NVD: CVE-2019-1920 // JVNDB: JVNDB-2019-006932 // BID: 109312 // VULHUB: VHN-151622 // VULMON: CVE-2019-1920

AFFECTED PRODUCTS

vendor: cisco // model: aironet 3700e // scope: eq // version: 15.3(3)jd6

Trust: 1.0

vendor: cisco // model: aironet 3700p // scope: eq // version: 15.3(3)jd6

Trust: 1.0

vendor: cisco // model: access points // scope: lt // version: 8.8.100.0

Trust: 1.0

vendor: cisco // model: aironet 3700i // scope: eq // version: 15.3(3)jc14

Trust: 1.0

vendor: cisco // model: access points // scope: lt // version: 8.5.131.0

Trust: 1.0

vendor: cisco // model: access points // scope: lt // version: 8.3.150.0

Trust: 1.0

vendor: cisco // model: access points // scope: gte // version: 8.4

Trust: 1.0

vendor: cisco // model: access points // scope: gte // version: 8.6

Trust: 1.0

vendor: cisco // model: aironet 3700i // scope: eq // version: 15.3(3)jd6

Trust: 1.0

vendor: cisco // model: access points // scope: lt // version: 8.2.170.0

Trust: 1.0

vendor: cisco // model: access points // scope: gte // version: 8.3

Trust: 1.0

vendor: cisco // model: aironet 3700e // scope: eq // version: 15.3(3)jc14

Trust: 1.0

vendor: cisco // model: aironet 3700p // scope: eq // version: 15.3(3)jc14

Trust: 1.0

vendor: cisco // model: aironet 3700e // scope: - // version: -

Trust: 0.8

vendor: cisco // model: aironet 3700i // scope: - // version: -

Trust: 0.8

vendor: cisco // model: aironet 3700p // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ios access points // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ios access points software // scope: eq // version: 8.7

Trust: 0.3

vendor: cisco // model: ios access points software // scope: eq // version: 8.6

Trust: 0.3

vendor: cisco // model: ios access points software // scope: eq // version: 8.5

Trust: 0.3

vendor: cisco // model: ios access points software // scope: eq // version: 8.4

Trust: 0.3

vendor: cisco // model: ios access points software // scope: eq // version: 8.3

Trust: 0.3

vendor: cisco // model: ios access points software // scope: eq // version: 8.2

Trust: 0.3

vendor: cisco // model: ios access points software // scope: eq // version: 8.1

Trust: 0.3

vendor: cisco // model: ios access points software // scope: eq // version: 8.0

Trust: 0.3

vendor: cisco // model: aironet series access points // scope: eq // version: 37000

Trust: 0.3

vendor: cisco // model: ios access points software // scope: ne // version: 8.9

Trust: 0.3

vendor: cisco // model: ios access points software // scope: ne // version: 8.8.100.0

Trust: 0.3

vendor: cisco // model: ios access points software // scope: ne // version: 8.8

Trust: 0.3

vendor: cisco // model: ios access points software // scope: ne // version: 8.5.131.0

Trust: 0.3

vendor: cisco // model: ios access points software // scope: ne // version: 8.3.150.0

Trust: 0.3

vendor: cisco // model: ios access points software // scope: ne // version: 8.2.170.0

Trust: 0.3

sources: BID: 109312 // JVNDB: JVNDB-2019-006932 // NVD: CVE-2019-1920

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-1920
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1920
value: HIGH

Trust: 1.0

NVD: CVE-2019-1920
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201907-1015
value: HIGH

Trust: 0.6

VULHUB: VHN-151622
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-1920
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-1920
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-151622
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-1920
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1920
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-1920
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151622 // VULMON: CVE-2019-1920 // JVNDB: JVNDB-2019-006932 // CNNVD: CNNVD-201907-1015 // NVD: CVE-2019-1920 // NVD: CVE-2019-1920

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-151622 // JVNDB: JVNDB-2019-006932 // NVD: CVE-2019-1920

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1015

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201907-1015

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006932

PATCH

title: cisco-sa-20190717-aironet-dos // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-aironet-dos

Trust: 0.8

title: Cisco IOS Access Points Software Enter the fix for the verification error vulnerability // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95301

Trust: 0.6

title: Cisco: Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190717-aironet-dos

Trust: 0.1

sources: VULMON: CVE-2019-1920 // JVNDB: JVNDB-2019-006932 // CNNVD: CNNVD-201907-1015

EXTERNAL IDS

db: NVD // id: CVE-2019-1920

Trust: 2.9

db: BID // id: 109312

Trust: 2.1

db: JVNDB // id: JVNDB-2019-006932

Trust: 0.8

db: CNNVD // id: CNNVD-201907-1015

Trust: 0.7

db: AUSCERT // id: ESB-2019.2676

Trust: 0.6

db: NSFOCUS // id: 43836

Trust: 0.6

db: VULHUB // id: VHN-151622

Trust: 0.1

db: VULMON // id: CVE-2019-1920

Trust: 0.1

sources: VULHUB: VHN-151622 // VULMON: CVE-2019-1920 // BID: 109312 // JVNDB: JVNDB-2019-006932 // CNNVD: CNNVD-201907-1015 // NVD: CVE-2019-1920

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190717-aironet-dos

Trust: 2.2

url:http://www.securityfocus.com/bid/109312

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-1920

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1920

Trust: 0.8

url:http://www.nsfocus.net/vulndb/43836

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-aironet-denial-of-service-via-802-11r-fast-transition-29830

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2676/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-151622 // VULMON: CVE-2019-1920 // BID: 109312 // JVNDB: JVNDB-2019-006932 // CNNVD: CNNVD-201907-1015 // NVD: CVE-2019-1920

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 109312

SOURCES

db: VULHUB // id: VHN-151622
db: VULMON // id: CVE-2019-1920
db: BID // id: 109312
db: JVNDB // id: JVNDB-2019-006932
db: CNNVD // id: CNNVD-201907-1015
db: NVD // id: CVE-2019-1920

LAST UPDATE DATE

2024-08-14T14:04:19.953000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-151622 // date: 2020-10-16T00:00:00
db: VULMON // id: CVE-2019-1920 // date: 2020-10-16T00:00:00
db: BID // id: 109312 // date: 2019-07-17T00:00:00
db: JVNDB // id: JVNDB-2019-006932 // date: 2019-07-30T00:00:00
db: CNNVD // id: CNNVD-201907-1015 // date: 2020-10-21T00:00:00
db: NVD // id: CVE-2019-1920 // date: 2020-10-16T15:11:50.667

SOURCES RELEASE DATE

db: VULHUB // id: VHN-151622 // date: 2019-07-17T00:00:00
db: VULMON // id: CVE-2019-1920 // date: 2019-07-17T00:00:00
db: BID // id: 109312 // date: 2019-07-17T00:00:00
db: JVNDB // id: JVNDB-2019-006932 // date: 2019-07-30T00:00:00
db: CNNVD // id: CNNVD-201907-1015 // date: 2019-07-17T00:00:00
db: NVD // id: CVE-2019-1920 // date: 2019-07-17T21:15:12.093