Details of VAR-201910-0979

ID

VAR-201910-0979

CVE

CVE-2019-15265

TITLE

Cisco Aironet Access Points Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011113

DESCRIPTION

A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. The vulnerability occurs because BPDUs received from specific wireless clients are forwarded incorrectly. An attacker could exploit this vulnerability on the wireless network by sending a steady stream of crafted BPDU frames. A successful exploit could allow the attacker to cause a limited denial of service (DoS) attack because an AP port could go offline. Cisco Aironet Access Points (APs) Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco Aironet 1540 Series APs and other products are products of the United States Cisco. Cisco Aironet 1540 Series APs are a 1540 series access point product. Cisco Aironet 1560 Series APs are a 1560 series access point product. Cisco Aironet 1800 Series APs are a 1800 series access point product

Trust: 2.16

sources: NVD: CVE-2019-15265 // JVNDB: JVNDB-2019-011113 // CNVD: CNVD-2019-39603

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-39603

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet 1560	scope:	gte	version:	8.8.125.0	Trust: 1.0
vendor:	cisco	model:	aironet 2800	scope:	lt	version:	8.5.151.0	Trust: 1.0
vendor:	cisco	model:	aironet 1800	scope:	lt	version:	8.5.151.0	Trust: 1.0
vendor:	cisco	model:	aironet 3800	scope:	lt	version:	8.9.100.0	Trust: 1.0
vendor:	cisco	model:	aironet 1560	scope:	lt	version:	8.5.151.0	Trust: 1.0
vendor:	cisco	model:	aironet 2800	scope:	lt	version:	8.9.100.0	Trust: 1.0
vendor:	cisco	model:	aironet 3800	scope:	lt	version:	8.8.120.0	Trust: 1.0
vendor:	cisco	model:	aironet 3800	scope:	gte	version:	8.6	Trust: 1.0
vendor:	cisco	model:	aironet 1560	scope:	lt	version:	8.9.100.0	Trust: 1.0
vendor:	cisco	model:	aironet 2800	scope:	gte	version:	8.6	Trust: 1.0
vendor:	cisco	model:	aironet 1800	scope:	lt	version:	8.9.100.0	Trust: 1.0
vendor:	cisco	model:	aironet 2800	scope:	lt	version:	8.8.120.0	Trust: 1.0
vendor:	cisco	model:	aironet 1800	scope:	lt	version:	8.8.120.0	Trust: 1.0
vendor:	cisco	model:	aironet 1560	scope:	lt	version:	8.8.120.0	Trust: 1.0
vendor:	cisco	model:	aironet 1800	scope:	gte	version:	8.6	Trust: 1.0
vendor:	cisco	model:	aironet 3800	scope:	gte	version:	8.8.125.0	Trust: 1.0
vendor:	cisco	model:	aironet 1540	scope:	lt	version:	8.5.151.0	Trust: 1.0
vendor:	cisco	model:	aironet 2800	scope:	gte	version:	8.8.125.0	Trust: 1.0
vendor:	cisco	model:	aironet 1800	scope:	gte	version:	8.8.125.0	Trust: 1.0
vendor:	cisco	model:	aironet 1540	scope:	gte	version:	8.6	Trust: 1.0
vendor:	cisco	model:	aironet 1560	scope:	gte	version:	8.6	Trust: 1.0
vendor:	cisco	model:	aironet 1540	scope:	lt	version:	8.9.100.0	Trust: 1.0
vendor:	cisco	model:	aironet 3800	scope:	lt	version:	8.5.151.0	Trust: 1.0
vendor:	cisco	model:	aironet 1540	scope:	lt	version:	8.8.120.0	Trust: 1.0
vendor:	cisco	model:	aironet 1540	scope:	gte	version:	8.8.125.0	Trust: 1.0
vendor:	cisco	model:	aironet 1540 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet 1560 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet 1800 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet 2800 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet 3800 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet series aps	scope:	eq	version:	1540	Trust: 0.6
vendor:	cisco	model:	aironet series aps	scope:	eq	version:	1560	Trust: 0.6
vendor:	cisco	model:	aironet series aps	scope:	eq	version:	1800	Trust: 0.6
vendor:	cisco	model:	aironet series aps	scope:	eq	version:	2800	Trust: 0.6
vendor:	cisco	model:	aironet series aps	scope:	eq	version:	3800	Trust: 0.6
vendor:	cisco	model:	aironet 2800	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	aironet 1560	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	aironet 1800	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	aironet 3800	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	aironet 1540	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-39603 // JVNDB: JVNDB-2019-011113 // CNNVD: CNNVD-201910-1081 // NVD: CVE-2019-15265

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15265
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15265
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-15265
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-39603
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201910-1081
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-15265
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-39603
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-15265
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15265
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	CVE-2019-15265
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-39603 // JVNDB: JVNDB-2019-011113 // CNNVD: CNNVD-201910-1081 // NVD: CVE-2019-15265 // NVD: CVE-2019-15265

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-011113 // NVD: CVE-2019-15265

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1081

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1081

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011113

PATCH

title:	cisco-sa-20191016-airo-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-dos	Trust: 0.8
title:	Patch for Multiple Cisco Products Input Validation Error Vulnerability (CNVD-2019-39603)	url:	https://www.cnvd.org.cn/patchInfo/show/189137	Trust: 0.6

sources: CNVD: CNVD-2019-39603 // JVNDB: JVNDB-2019-011113

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15265	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-011113	Trust: 0.8
db:	CNVD	id:	CNVD-2019-39603	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3874	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-1081	Trust: 0.6

sources: CNVD: CNVD-2019-39603 // JVNDB: JVNDB-2019-011113 // CNNVD: CNNVD-201910-1081 // NVD: CVE-2019-15265

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-airo-dos	Trust: 2.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15265	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15265	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-airo-unauth-access	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-airo-pptp-dos	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-aironet-denial-of-service-via-bpdu-30647	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3874/	Trust: 0.6

sources: CNVD: CNVD-2019-39603 // JVNDB: JVNDB-2019-011113 // CNNVD: CNNVD-201910-1081 // NVD: CVE-2019-15265

SOURCES

db:	CNVD	id:	CNVD-2019-39603
db:	JVNDB	id:	JVNDB-2019-011113
db:	CNNVD	id:	CNNVD-201910-1081
db:	NVD	id:	CVE-2019-15265

LAST UPDATE DATE

2024-08-14T14:26:09.010000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-39603	date:	2019-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-011113	date:	2019-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201910-1081	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2019-15265	date:	2019-10-22T19:33:18.563

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-39603	date:	2019-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-011113	date:	2019-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201910-1081	date:	2019-10-16T00:00:00
db:	NVD	id:	CVE-2019-15265	date:	2019-10-16T19:15:14.147