SB2019071720 - Input validation error in Cisco IOS Access Points Software (APs)
Published: July 17, 2019 Updated: July 18, 2019
Security Bulletin ID
SB2019071720
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2019-1920)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due a lack of complete error handling condition for client authentication requests sent to the 802.11r Fast Transition (FT) implementation. An attacker can send crafted authentication request traffic to the targeted interface and cause the device to restart unexpectedly.
Remediation
Install update from vendor's website.