Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-15264

Опубликовано: 16 окт. 2019
Источник: nvd
CVSS3: 7.4
CVSS3: 6.5
CVSS2: 6.1
EPSS Низкий

Описание

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:aironet_1540_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1540:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:cisco:aironet_1560_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1560:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:cisco:aironet_1850_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1850_firmware:8.9\(1.249\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1850_firmware:8.9\(1.255\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1850_firmware:8.9\(4.28\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1850_firmware:8.9\(4.41\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1850_firmware:8.9\(4.49\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1850_firmware:8.9\(4.55\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1850_firmware:8.9\(4.58\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1850_firmware:8.9\(104.24\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1850_firmware:8.10\(1.139\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1850_firmware:8.10\(1.146\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:cisco:aironet_2800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_2800:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:cisco:aironet_3800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_3800:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:cisco:aironet_4800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*
Конфигурация 7

Одновременно

cpe:2.3:o:cisco:catalyst_9100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9100:-:*:*:*:*:*:*:*

EPSS

Процентиль: 54%
0.00317
Низкий

7.4 High

CVSS3

6.5 Medium

CVSS3

6.1 Medium

CVSS2

Дефекты

CWE-400
CWE-400

Связанные уязвимости

github логотип

GHSA-f532-rj5q-c6j3

CVSS3: 6.5
github
больше 3 лет назад

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP.

fstec логотип

BDU:2019-03682

CVSS3: 7.4
fstec
больше 6 лет назад

Уязвимость реализации процедуры анализа запросов CAPWAP (Control and Provisioning of Wireless Access Points) микропрограммного обеспечения точек доступа Cisco Aironet Access Points (AP) серии 1540, 1560, 1800, 2800, 3800, 4800 и сетевых устройств Cisco Catalyst, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 54%
0.00317
Низкий

7.4 High

CVSS3

6.5 Medium

CVSS3

6.1 Medium

CVSS2

Дефекты

CWE-400
CWE-400