CVE-2019-1835 - Vulnerability Details

A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerability by accessing the CLI of an affected AP with administrator privileges and issuing crafted commands that result in directory traversal. A successful exploit could allow the attacker to view system files on the affected device, which could contain sensitive information. Software versions 8.8 and 8.9 are affected.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Aironet 1542d Aironet 1542i Aironet 1562d Aironet 1562e Aironet 1562i Aironet 1800i Aironet 1850e Aironet 1850i Aironet 2800e Aironet 2800i Aironet 3800e Aironet 3800i Aironet 3800p Aironet Access Point Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:aironet_access_point_firmware:8.8:::::::*
	cpe:2.3:o:cisco:aironet_access_point_firmware:8.9:::::::*

OR	cpe:2.3:h:cisco:aironet_1542d:-:::::::*
	cpe:2.3:h:cisco:aironet_1542i:-:::::::*
	cpe:2.3:h:cisco:aironet_1562d:-:::::::*
	cpe:2.3:h:cisco:aironet_1562e:-:::::::*
	cpe:2.3:h:cisco:aironet_1562i:-:::::::*
	cpe:2.3:h:cisco:aironet_1800i:-:::::::*
	cpe:2.3:h:cisco:aironet_1850e:-:::::::*
	cpe:2.3:h:cisco:aironet_1850i:-:::::::*
	cpe:2.3:h:cisco:aironet_2800e:-:::::::*
	cpe:2.3:h:cisco:aironet_2800i:-:::::::*
	cpe:2.3:h:cisco:aironet_3800e:-:::::::*
	cpe:2.3:h:cisco:aironet_3800i:-:::::::*
	cpe:2.3:h:cisco:aironet_3800p:-:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/108001
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-air-ap-traversal

History

Thu, 21 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2019-04-18T01:20:14.523354Z

Updated: 2024-11-21T19:37:00.244Z

Reserved: 2018-12-06T00:00:00

Link: CVE-2019-1835

Vulnrichment

Updated: 2024-08-04T18:28:42.888Z

NVD

Status : Modified

Published: 2019-04-18T02:29:05.903

Modified: 2024-11-21T04:37:29.893

Link: CVE-2019-1835

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object