← Back

CVE-2019-15264

nvd nist
Published: Oct 16, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP.

Affected (17)

Cisco
7 products
Aironet 1540 Firmware
Aironet 1560 Firmware
Aironet 1850 Firmware
Aironet 2800 Firmware
Aironet 3800 Firmware
Aironet 4800 Firmware
Catalyst 9100 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Aironet 1540 Firmware
All versions
Running on/withPlatform Versions
Cisco
Aironet 1540
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Aironet 1560 Firmware
All versions
Running on/withPlatform Versions
Cisco
Aironet 1560
All versions
Configuration C
11 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 1850 Firmware
All versions
Aironet 1850 Firmware
Version 8.10(1.139)
Aironet 1850 Firmware
Version 8.10(1.146)
Aironet 1850 Firmware
Version 8.9(1.249)
Aironet 1850 Firmware
Version 8.9(1.255)
Aironet 1850 Firmware
Version 8.9(104.24)
Aironet 1850 Firmware
Version 8.9(4.28)
Aironet 1850 Firmware
Version 8.9(4.41)
Aironet 1850 Firmware
Version 8.9(4.49)
Aironet 1850 Firmware
Version 8.9(4.55)
Aironet 1850 Firmware
Version 8.9(4.58)
Running on/withPlatform Versions
Cisco
Aironet 1800
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Aironet 2800 Firmware
All versions
Running on/withPlatform Versions
Cisco
Aironet 2800
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Aironet 3800 Firmware
All versions
Running on/withPlatform Versions
Cisco
Aironet 3800
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Aironet 4800 Firmware
All versions
Running on/withPlatform Versions
Cisco
Aironet 4800
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Catalyst 9100 Firmware
All versions
Running on/withPlatform Versions
Cisco
Catalyst 9100
All versions

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.