← Back

CVE-2019-1829

nvd nist
Published: Apr 18, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication.

Affected (4)

Cisco
1 product
Aironet Access Point Firmware
Configuration A
3 vulnerable · 11 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet Access Point Firmware
Before 8.3.150.0
Aironet Access Point Firmware
From 8.5 to 8.5.140.0
Aironet Access Point Firmware
From 8.6.101.0 to 8.8.111.0
Running on/withPlatform Versions
Cisco
Aironet 1542d
All versions
Cisco
Aironet 1542i
All versions
Cisco
Aironet 1562d
All versions
Cisco
Aironet 1562e
All versions
Cisco
Aironet 1562i
All versions
Cisco
Aironet 1800i
All versions
Cisco
Aironet 2800e
All versions
Cisco
Aironet 2800i
All versions
Cisco
Aironet 3800e
All versions
Cisco
Aironet 3800i
All versions
Cisco
Aironet 3800p
All versions
Configuration B
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Aironet Access Point Firmware
Version 8.5(131.0)
Running on/withPlatform Versions
Cisco
Aironet 1850e
All versions
Cisco
Aironet 1850i
All versions

Related CWEs

CWE-16
CWE-16
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.