CVE-2019-1654 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2019-1654?

CVE-2019-1654 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-1654?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ap-Cos, Cisco Aironet 1540, Cisco Aironet 1560, Cisco Aironet 1800, Cisco Aironet 2800.

Vulnerability Description

A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the underlying Linux OS. The attacker would need valid device credentials. The vulnerability exists because the software improperly validates user-supplied input at the CLI authentication prompt for development shell access. An attacker could exploit this vulnerability by authenticating to the device and entering crafted input at the CLI. A successful exploit could allow the attacker to access the AP development shell without proper authentication, which allows for root access to the underlying Linux OS. Software versions prior to 8.3.150.0, 8.5.135.0, and 8.8.100.0 are affected.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Ap-Cos	< 8.3.150.0
Cisco	Aironet 1540	-
Cisco	Aironet 1560	-
Cisco	Aironet 1800	-
Cisco	Aironet 2800	-
Cisco	Aironet 3800	-

Related Weaknesses (CWE)

CWE-306 CWE-255

References

http://www.securityfocus.com/bid/107991Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/107991Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2019-1654?

CVE-2019-1654 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker t...

How severe is CVE-2019-1654?

CVE-2019-1654 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1654?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ap-Cos, Cisco Aironet 1540, Cisco Aironet 1560, Cisco Aironet 1800, Cisco Aironet 2800.