CVE-2019-1675

Published: Feb 7, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker could exploit this vulnerability by guessing the account name and password to access the CLI. A successful exploit could allow the attacker to reboot the device repeatedly, creating a denial of service (DoS) condition. It is not possible to change the configuration or view sensitive data with this account. Versions prior to DNAC1.2.8 are affected.

Affected (2)

Products: Cisco: Aironet Active Sensor, Digital Network Architecture Center

2 products

Aironet Active Sensor

Digital Network Architecture Center

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Aironet Active Sensor	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Digital Network Architecture Center	Before 1.2.8

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

http://www.securityfocus.com/bid/106944

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-aas-creds

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/106944

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-aas-creds

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.