CVE-2019-1920 - Vulnerability Details

A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. The vulnerability is due to a lack of complete error handling condition for client authentication requests sent to a targeted interface configured for FT. An attacker could exploit this vulnerability by sending crafted authentication request traffic to the targeted interface, causing the device to restart unexpectedly.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Access Points Aironet 3700e Aironet 3700e Firmware Aironet 3700i Aironet 3700i Firmware Aironet 3700p Aironet 3700p Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:aironet_3700e_firmware:15.3\(3\)jc14:::::::*
	cpe:2.3:o:cisco:aironet_3700e_firmware:15.3\(3\)jd6:::::::*

cpe:2.3:h:cisco:aironet_3700e:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:cisco:aironet_3700i_firmware:15.3\(3\)jc14:::::::*
	cpe:2.3:o:cisco:aironet_3700i_firmware:15.3\(3\)jd6:::::::*

cpe:2.3:h:cisco:aironet_3700i:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:cisco:aironet_3700p_firmware:15.3\(3\)jc14:::::::*
	cpe:2.3:o:cisco:aironet_3700p_firmware:15.3\(3\)jd6:::::::*

cpe:2.3:h:cisco:aironet_3700p:-:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:o:cisco:access_points::::::::
	cpe:2.3:o:cisco:access_points::::::::
	cpe:2.3:o:cisco:access_points::::::::
	cpe:2.3:o:cisco:access_points::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/109312
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-aironet-dos

History

Fri, 22 Nov 2024 08:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2019-07-17T20:20:13.229582Z

Updated: 2024-11-21T19:19:08.762Z

Reserved: 2018-12-06T00:00:00

Link: CVE-2019-1920

Vulnrichment

Updated: 2024-08-04T18:35:51.296Z

NVD

Status : Modified

Published: 2019-07-17T21:15:12.093

Modified: 2024-11-21T04:37:41.320

Link: CVE-2019-1920

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object