CVE-2019-1920

Published: Jul 17, 2019Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 4.0

Source: NVD

Description

A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. The vulnerability is due to a lack of complete error handling condition for client authentication requests sent to a targeted interface configured for FT. An attacker could exploit this vulnerability by sending crafted authentication request traffic to the targeted interface, causing the device to restart unexpectedly.

Affected (10)

Products: Cisco: Aironet 3700e Firmware, Aironet 3700i Firmware, Aironet 3700p Firmware, Access Points

Cisco

4 products

Aironet 3700e Firmware

Aironet 3700i Firmware

Aironet 3700p Firmware

Access Points

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Aironet 3700e Firmware	Version 15.3(3)jc14
Cisco Aironet 3700e Firmware	Version 15.3(3)jd6

Running on/with	Platform Versions
Cisco Aironet 3700e	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Aironet 3700i Firmware	Version 15.3(3)jc14
Cisco Aironet 3700i Firmware	Version 15.3(3)jd6

Running on/with	Platform Versions
Cisco Aironet 3700i	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Aironet 3700p Firmware	Version 15.3(3)jc14
Cisco Aironet 3700p Firmware	Version 15.3(3)jd6

Running on/with	Platform Versions
Cisco Aironet 3700p	All versions

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Cisco Access Points	Before 8.2.170.0
Cisco Access Points	From 8.3 to 8.3.150.0
Cisco Access Points	From 8.4 to 8.5.131.0
Cisco Access Points	From 8.6 to 8.8.100.0