CVE-2019-1835
4.4
Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.8 / Impact: 3.6
Source: NVD
Description
A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerability by accessing the CLI of an affected AP with administrator privileges and issuing crafted commands that result in directory traversal. A successful exploit could allow the attacker to view system files on the affected device, which could contain sensitive information. Software versions 8.8 and 8.9 are affected.
Affected (2)
Products: Cisco: Aironet Access Point Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 8.8 |
| Running on/with | Platform Versions |
|---|---|
Cisco Aironet 1542d | All versions |
Cisco Aironet 1542i | All versions |
Cisco Aironet 1562d | All versions |
Cisco Aironet 1562e | All versions |
Cisco Aironet 1562i | All versions |
Cisco Aironet 1800i | All versions |
Cisco Aironet 1850e | All versions |
Cisco Aironet 1850i | All versions |
Cisco Aironet 2800e | All versions |
Cisco Aironet 2800i | All versions |
Cisco Aironet 3800e | All versions |
Cisco Aironet 3800i | All versions |
Cisco Aironet 3800p | All versions |
References (4)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.