Details of VAR-201910-0978

ID

VAR-201910-0978

CVE

CVE-2019-15264

TITLE

Cisco Aironet and Catalyst 9100 Access Points Vulnerabilities related to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2019-011112

DESCRIPTION

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP. Cisco Aironet AP is a series of access point products

Trust: 2.16

sources: NVD: CVE-2019-15264 // JVNDB: JVNDB-2019-011112 // CNVD: CNVD-2019-39614

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-39614

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet 3800	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	aironet 1540	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	aironet 1560	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.9\(4.41\)	Trust: 1.0
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.9\(104.24\)	Trust: 1.0
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.9\(1.249\)	Trust: 1.0
vendor:	cisco	model:	aironet 2800	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.9\(4.28\)	Trust: 1.0
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.9\(4.49\)	Trust: 1.0
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.10\(1.146\)	Trust: 1.0
vendor:	cisco	model:	catalyst 9100	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.10\(1.139\)	Trust: 1.0
vendor:	cisco	model:	aironet 4800	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.9\(4.55\)	Trust: 1.0
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.9\(4.58\)	Trust: 1.0
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.9\(1.255\)	Trust: 1.0
vendor:	cisco	model:	aironet 1540 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet 1560 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet 1850 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet 2800 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet 3800 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet 4800 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	catalyst 9100 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet series aps	scope:	eq	version:	1540	Trust: 0.6
vendor:	cisco	model:	aironet series aps	scope:	eq	version:	1560	Trust: 0.6
vendor:	cisco	model:	aironet series aps	scope:	eq	version:	1800	Trust: 0.6
vendor:	cisco	model:	aironet series aps	scope:	eq	version:	2800	Trust: 0.6
vendor:	cisco	model:	aironet series aps	scope:	eq	version:	3800	Trust: 0.6
vendor:	cisco	model:	aironet aps	scope:	eq	version:	4800	Trust: 0.6
vendor:	cisco	model:	catalyst aps	scope:	eq	version:	9100	Trust: 0.6
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.94.55	Trust: 0.6
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.94.49	Trust: 0.6
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.91.255	Trust: 0.6
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.94.41	Trust: 0.6
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.101.146	Trust: 0.6
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.101.139	Trust: 0.6
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.94.28	Trust: 0.6
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.94.58	Trust: 0.6
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.91.249	Trust: 0.6
vendor:	cisco	model:	aironet 1850	scope:	eq	version:	8.9104.24	Trust: 0.6

sources: CNVD: CNVD-2019-39614 // JVNDB: JVNDB-2019-011112 // CNNVD: CNNVD-201910-1112 // NVD: CVE-2019-15264

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15264
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15264
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-15264
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-39614
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201910-1112
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-15264
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-39614
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-15264
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15264
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	CVE-2019-15264
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-39614 // JVNDB: JVNDB-2019-011112 // CNNVD: CNNVD-201910-1112 // NVD: CVE-2019-15264 // NVD: CVE-2019-15264

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.8

sources: JVNDB: JVNDB-2019-011112 // NVD: CVE-2019-15264

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1112

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1112

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011112

PATCH

title:	cisco-sa-20191016-airo-capwap-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-capwap-dos	Trust: 0.8
title:	Patch for Cisco Aironet Access Points / Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/189145	Trust: 0.6

sources: CNVD: CNVD-2019-39614 // JVNDB: JVNDB-2019-011112

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15264	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-011112	Trust: 0.8
db:	CNVD	id:	CNVD-2019-39614	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3875	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-1112	Trust: 0.6

sources: CNVD: CNVD-2019-39614 // JVNDB: JVNDB-2019-011112 // CNNVD: CNNVD-201910-1112 // NVD: CVE-2019-15264

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-15264	Trust: 2.0
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-airo-capwap-dos	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15264	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-aironet-denial-of-service-via-capwap-30646	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3875/	Trust: 0.6

sources: CNVD: CNVD-2019-39614 // JVNDB: JVNDB-2019-011112 // CNNVD: CNNVD-201910-1112 // NVD: CVE-2019-15264

CREDITS

This vulnerability was found by Xiaomei Jia of Cisco during internal security testing.

Trust: 0.6

sources: CNNVD: CNNVD-201910-1112

SOURCES

db:	CNVD	id:	CNVD-2019-39614
db:	JVNDB	id:	JVNDB-2019-011112
db:	CNNVD	id:	CNNVD-201910-1112
db:	NVD	id:	CVE-2019-15264

LAST UPDATE DATE

2024-08-14T14:19:20.880000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-39614	date:	2019-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-011112	date:	2019-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201910-1112	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2019-15264	date:	2019-10-22T19:45:03.500

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-39614	date:	2019-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-011112	date:	2019-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201910-1112	date:	2019-10-16T00:00:00
db:	NVD	id:	CVE-2019-15264	date:	2019-10-16T19:15:14.050