ID

VAR-201910-0979


CVE

CVE-2019-15265


TITLE

Cisco Aironet Access Points Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011113

DESCRIPTION

A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. The vulnerability occurs because BPDUs received from specific wireless clients are forwarded incorrectly. An attacker could exploit this vulnerability on the wireless network by sending a steady stream of crafted BPDU frames. A successful exploit could allow the attacker to cause a limited denial of service (DoS) attack because an AP port could go offline. Cisco Aironet Access Points (APs) contain an input validation vulnerability that may result in a denial of service (DoS) condition. Cisco Aironet 1540 Series APs and other products are products of Cisco (USA). Cisco Aironet 1540 Series APs are a 1540 series access point product. Cisco Aironet 1560 Series APs are a 1560 series access point product. Cisco Aironet 1800 Series APs are an 1800 series access point product.

Trust: 2.16

sources: NVD: CVE-2019-15265 // JVNDB: JVNDB-2019-011113 // CNVD: CNVD-2019-39603

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-39603

AFFECTED PRODUCTS

vendor: cisco, model: aironet 1560, scope: gte, version: 8.8.125.0

Trust: 1.0

vendor: cisco, model: aironet 2800, scope: lt, version: 8.5.151.0

Trust: 1.0

vendor: cisco, model: aironet 1800, scope: lt, version: 8.5.151.0

Trust: 1.0

vendor: cisco, model: aironet 3800, scope: lt, version: 8.9.100.0

Trust: 1.0

vendor: cisco, model: aironet 1560, scope: lt, version: 8.5.151.0

Trust: 1.0

vendor: cisco, model: aironet 2800, scope: lt, version: 8.9.100.0

Trust: 1.0

vendor: cisco, model: aironet 3800, scope: lt, version: 8.8.120.0

Trust: 1.0

vendor: cisco, model: aironet 3800, scope: gte, version: 8.6

Trust: 1.0

vendor: cisco, model: aironet 1560, scope: lt, version: 8.9.100.0

Trust: 1.0

vendor: cisco, model: aironet 2800, scope: gte, version: 8.6

Trust: 1.0

vendor: cisco, model: aironet 1800, scope: lt, version: 8.9.100.0

Trust: 1.0

vendor: cisco, model: aironet 2800, scope: lt, version: 8.8.120.0

Trust: 1.0

vendor: cisco, model: aironet 1800, scope: lt, version: 8.8.120.0

Trust: 1.0

vendor: cisco, model: aironet 1560, scope: lt, version: 8.8.120.0

Trust: 1.0

vendor: cisco, model: aironet 1800, scope: gte, version: 8.6

Trust: 1.0

vendor: cisco, model: aironet 3800, scope: gte, version: 8.8.125.0

Trust: 1.0

vendor: cisco, model: aironet 1540, scope: lt, version: 8.5.151.0

Trust: 1.0

vendor: cisco, model: aironet 2800, scope: gte, version: 8.8.125.0

Trust: 1.0

vendor: cisco, model: aironet 1800, scope: gte, version: 8.8.125.0

Trust: 1.0

vendor: cisco, model: aironet 1540, scope: gte, version: 8.6

Trust: 1.0

vendor: cisco, model: aironet 1560, scope: gte, version: 8.6

Trust: 1.0

vendor: cisco, model: aironet 1540, scope: lt, version: 8.9.100.0

Trust: 1.0

vendor: cisco, model: aironet 3800, scope: lt, version: 8.5.151.0

Trust: 1.0

vendor: cisco, model: aironet 1540, scope: lt, version: 8.8.120.0

Trust: 1.0

vendor: cisco, model: aironet 1540, scope: gte, version: 8.8.125.0

Trust: 1.0

vendor: cisco, model: aironet 1540 series, scope: -, version: -

Trust: 0.8

vendor: cisco, model: aironet 1560 series, scope: -, version: -

Trust: 0.8

vendor: cisco, model: aironet 1800 series, scope: -, version: -

Trust: 0.8

vendor: cisco, model: aironet 2800 series, scope: -, version: -

Trust: 0.8

vendor: cisco, model: aironet 3800 series, scope: -, version: -

Trust: 0.8

vendor: cisco, model: aironet series aps, scope: eq, version: 1540

Trust: 0.6

vendor: cisco, model: aironet series aps, scope: eq, version: 1560

Trust: 0.6

vendor: cisco, model: aironet series aps, scope: eq, version: 1800

Trust: 0.6

vendor: cisco, model: aironet series aps, scope: eq, version: 2800

Trust: 0.6

vendor: cisco, model: aironet series aps, scope: eq, version: 3800

Trust: 0.6

vendor: cisco, model: aironet 2800, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: aironet 1560, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: aironet 1800, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: aironet 3800, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: aironet 1540, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-39603 // JVNDB: JVNDB-2019-011113 // CNNVD: CNNVD-201910-1081 // NVD: CVE-2019-15265

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15265
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15265
value: HIGH

Trust: 1.0

NVD: CVE-2019-15265
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-39603
value: LOW

Trust: 0.6

CNNVD: CNNVD-201910-1081
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15265
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-39603
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15265
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15265
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-15265
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-39603 // JVNDB: JVNDB-2019-011113 // CNNVD: CNNVD-201910-1081 // NVD: CVE-2019-15265 // NVD: CVE-2019-15265

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-011113 // NVD: CVE-2019-15265

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1081

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1081

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011113

PATCH

title: cisco-sa-20191016-airo-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-dos

Trust: 0.8

title: Patch for Multiple Cisco Products Input Validation Error Vulnerability (CNVD-2019-39603), url: https://www.cnvd.org.cn/patchInfo/show/189137

Trust: 0.6

sources: CNVD: CNVD-2019-39603 // JVNDB: JVNDB-2019-011113

EXTERNAL IDS

db: NVD, id: CVE-2019-15265

Trust: 3.0

db: JVNDB, id: JVNDB-2019-011113

Trust: 0.8

db: CNVD, id: CNVD-2019-39603

Trust: 0.6

db: AUSCERT, id: ESB-2019.3874

Trust: 0.6

db: CNNVD, id: CNNVD-201910-1081

Trust: 0.6

sources: CNVD: CNVD-2019-39603 // JVNDB: JVNDB-2019-011113 // CNNVD: CNNVD-201910-1081 // NVD: CVE-2019-15265

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-airo-dos

Trust: 2.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-15265

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15265

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-airo-unauth-access

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-airo-pptp-dos

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-aironet-denial-of-service-via-bpdu-30647

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3874/

Trust: 0.6

sources: CNVD: CNVD-2019-39603 // JVNDB: JVNDB-2019-011113 // CNNVD: CNNVD-201910-1081 // NVD: CVE-2019-15265

SOURCES

db: CNVD, id: CNVD-2019-39603
db: JVNDB, id: JVNDB-2019-011113
db: CNNVD, id: CNNVD-201910-1081
db: NVD, id: CVE-2019-15265

LAST UPDATE DATE

2024-08-14T14:26:09.010000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-39603, date: 2019-11-08T00:00:00
db: JVNDB, id: JVNDB-2019-011113, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-1081, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2019-15265, date: 2019-10-22T19:33:18.563

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-39603, date: 2019-11-08T00:00:00
db: JVNDB, id: JVNDB-2019-011113, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-1081, date: 2019-10-16T00:00:00
db: NVD, id: CVE-2019-15265, date: 2019-10-16T19:15:14.147