Main Vulnerability Database SB2019101610

SB2019101610 - Improper access control in Cisco Aironet Access Points Software

Published: October 16, 2019 Updated: November 8, 2019

Security Bulletin ID SB2019101610

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2019-15260)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions for certain URLs on an affected device. A remote attacker can request specific URLs from an affected AP and gain access to the target device with elevated privileges.

While the attackers would not be granted access to all possible configuration options, it could allow them to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow perform a denial of service (DoS) attack on clients associated with the AP and disable the AP.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access

SB2019101610 - Improper access control in Cisco Aironet Access Points Software

Breakdown by Severity

Description

Remediation

References

Please verify you're human