ID

VAR-201910-0976


CVE

CVE-2019-15261


TITLE

Cisco Aironet Access Points Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011110

DESCRIPTION

A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN packet processing functionality in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected AP. An attacker could exploit this vulnerability by associating to a vulnerable AP, initiating a PPTP VPN connection to an arbitrary PPTP VPN server, and sending a malicious GRE frame through the data plane of the AP. A successful exploit could allow the attacker to cause an internal process of the targeted AP to crash, which in turn would cause the AP to reload. The AP reload would cause a DoS condition for clients that are associated with the AP. Cisco Aironet Access Points (APs) contain an input validation vulnerability. The device may be put into a service operation interruption (DoS) state. Cisco Aironet AP is a series of access point products.

Trust: 2.16

sources: NVD: CVE-2019-15261 // JVNDB: JVNDB-2019-011110 // CNVD: CNVD-2019-39607

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-39607

AFFECTED PRODUCTS

vendor: cisco, model: aironet 1850, scope: gte, version: 8.9

Trust: 1.0

vendor: cisco, model: aironet 1850, scope: lt, version: 8.9.111.0

Trust: 1.0

vendor: cisco, model: aironet 1850, scope: lt, version: 8.5.151.0

Trust: 1.0

vendor: cisco, model: aironet 1830, scope: gte, version: 8.8

Trust: 1.0

vendor: cisco, model: aironet 1810, scope: gte, version: 8.8

Trust: 1.0

vendor: cisco, model: aironet 1830, scope: gte, version: 8.9

Trust: 1.0

vendor: cisco, model: aironet 1810, scope: gte, version: 8.9

Trust: 1.0

vendor: cisco, model: aironet 1830, scope: lt, version: 8.8.125.0

Trust: 1.0

vendor: cisco, model: aironet 1810, scope: lt, version: 8.8.125.0

Trust: 1.0

vendor: cisco, model: aironet 1850, scope: gte, version: 8.4

Trust: 1.0

vendor: cisco, model: aironet 1830, scope: gte, version: 8.4

Trust: 1.0

vendor: cisco, model: aironet 1830, scope: lt, version: 8.9.111.0

Trust: 1.0

vendor: cisco, model: aironet 1810, scope: gte, version: 8.4

Trust: 1.0

vendor: cisco, model: aironet 1810, scope: lt, version: 8.9.111.0

Trust: 1.0

vendor: cisco, model: aironet 1850, scope: lt, version: 8.8.125.0

Trust: 1.0

vendor: cisco, model: aironet 1830, scope: lt, version: 8.5.151.0

Trust: 1.0

vendor: cisco, model: aironet 1810, scope: lt, version: 8.5.151.0

Trust: 1.0

vendor: cisco, model: aironet 1850, scope: gte, version: 8.8

Trust: 1.0

vendor: cisco, model: aironet 1810 series, scope: -, version: -

Trust: 0.8

vendor: cisco, model: aironet 1830 series, scope: -, version: -

Trust: 0.8

vendor: cisco, model: aironet 1850 series, scope: -, version: -

Trust: 0.8

vendor: cisco, model: aironet series aps, scope: eq, version: 1810

Trust: 0.6

vendor: cisco, model: aironet series aps, scope: eq, version: 1830

Trust: 0.6

vendor: cisco, model: aironet series aps, scope: eq, version: 1850

Trust: 0.6

vendor: cisco, model: aironet 1850, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: aironet 1810, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: aironet 1830, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-39607 // JVNDB: JVNDB-2019-011110 // CNNVD: CNNVD-201910-1116 // NVD: CVE-2019-15261

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15261
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15261
value: HIGH

Trust: 1.0

NVD: CVE-2019-15261
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-39607
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201910-1116
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-15261
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-39607
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ykramarz@cisco.com: CVE-2019-15261
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-15261
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-39607 // JVNDB: JVNDB-2019-011110 // CNNVD: CNNVD-201910-1116 // NVD: CVE-2019-15261 // NVD: CVE-2019-15261

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-011110 // NVD: CVE-2019-15261

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1116

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1116

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011110

PATCH

title: cisco-sa-20191016-airo-pptp-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-pptp-dos

Trust: 0.8

title: Patch for Cisco Aironet Access PPTP Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/189141

Trust: 0.6

sources: CNVD: CNVD-2019-39607 // JVNDB: JVNDB-2019-011110

EXTERNAL IDS

db: NVD, id: CVE-2019-15261

Trust: 3.0

db: JVNDB, id: JVNDB-2019-011110

Trust: 0.8

db: CNVD, id: CNVD-2019-39607

Trust: 0.6

db: AUSCERT, id: ESB-2019.3874

Trust: 0.6

db: CNNVD, id: CNNVD-201910-1116

Trust: 0.6

sources: CNVD: CNVD-2019-39607 // JVNDB: JVNDB-2019-011110 // CNNVD: CNNVD-201910-1116 // NVD: CVE-2019-15261

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-airo-pptp-dos

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15261

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15261

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-airo-unauth-access

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-airo-dos

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-aironet-denial-of-service-via-pptp-30648

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3874/

Trust: 0.6

sources: CNVD: CNVD-2019-39607 // JVNDB: JVNDB-2019-011110 // CNNVD: CNNVD-201910-1116 // NVD: CVE-2019-15261

SOURCES

db: CNVD, id: CNVD-2019-39607
db: JVNDB, id: JVNDB-2019-011110
db: CNNVD, id: CNNVD-201910-1116
db: NVD, id: CVE-2019-15261

LAST UPDATE DATE

2024-08-14T14:26:08.983000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-39607, date: 2019-11-08T00:00:00
db: JVNDB, id: JVNDB-2019-011110, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-1116, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2019-15261, date: 2019-10-22T19:51:02.877

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-39607, date: 2019-11-07T00:00:00
db: JVNDB, id: JVNDB-2019-011110, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-1116, date: 2019-10-16T00:00:00
db: NVD, id: CVE-2019-15261, date: 2019-10-16T19:15:13.847