Vulnerability Description
A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerability by accessing the CLI of an affected AP with administrator privileges and issuing crafted commands that result in directory traversal. A successful exploit could allow the attacker to view system files on the affected device, which could contain sensitive information. Software versions 8.8 and 8.9 are affected.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Aironet Access Point Firmware | 8.8 |
| Cisco | Aironet 1542D | - |
| Cisco | Aironet 1542I | - |
| Cisco | Aironet 1562D | - |
| Cisco | Aironet 1562E | - |
| Cisco | Aironet 1562I | - |
| Cisco | Aironet 1800I | - |
| Cisco | Aironet 1850E | - |
| Cisco | Aironet 1850I | - |
| Cisco | Aironet 2800E | - |
| Cisco | Aironet 2800I | - |
| Cisco | Aironet 3800E | - |
| Cisco | Aironet 3800I | - |
| Cisco | Aironet 3800P | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108001 (Third Party Advisory, VDB Entry)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2 (Vendor Advisory)
FAQ
What is CVE-2019-1835?
CVE-2019-1835 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanit...
How severe is CVE-2019-1835?
CVE-2019-1835 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1835?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Aironet Access Point Firmware, Cisco Aironet 1542D, Cisco Aironet 1542I, Cisco Aironet 1562D, Cisco Aironet 1562E.