Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-1654

Опубликовано: 17 апр. 2019
Источник: nvd
CVSS3: 7.8
CVSS3: 7.8
CVSS2: 7.2
EPSS Низкий

Описание

A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the underlying Linux OS. The attacker would need valid device credentials. The vulnerability exists because the software improperly validates user-supplied input at the CLI authentication prompt for development shell access. An attacker could exploit this vulnerability by authenticating to the device and entering crafted input at the CLI. A successful exploit could allow the attacker to access the AP development shell without proper authentication, which allows for root access to the underlying Linux OS. Software versions prior to 8.3.150.0, 8.5.135.0, and 8.8.100.0 are affected.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:cisco:ap-cos:*:*:*:*:*:*:*:*
Версия до 8.3.150.0 (исключая)
cpe:2.3:o:cisco:ap-cos:*:*:*:*:*:*:*:*
Версия от 8.4.100.0 (включая) до 8.5.135.0 (исключая)
cpe:2.3:o:cisco:ap-cos:*:*:*:*:*:*:*:*
Версия от 8.5.140.0 (включая) до 8.8.100.0 (исключая)

Одно из

cpe:2.3:h:cisco:aironet_1540:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1560:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_2800:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_3800:-:*:*:*:*:*:*:*

EPSS

Процентиль: 42%
0.00205
Низкий

7.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-255
CWE-306

Связанные уязвимости

github логотип

GHSA-7r57-xw66-r525

CVSS3: 7.8
github
больше 3 лет назад

A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the underlying Linux OS. The attacker would need valid device credentials. The vulnerability exists because the software improperly validates user-supplied input at the CLI authentication prompt for development shell access. An attacker could exploit this vulnerability by authenticating to the device and entering crafted input at the CLI. A successful exploit could allow the attacker to access the AP development shell without proper authentication, which allows for root access to the underlying Linux OS. Software versions prior to 8.3.150.0, 8.5.135.0, and 8.8.100.0 are affected.

fstec логотип

BDU:2019-01674

CVSS3: 7.8
fstec
почти 7 лет назад

Уязвимость микропрограммного обеспечения Cisco AP-COS точек доступа Cisco Aironet Series Access Points (APs), позволяющая нарушителю получить доступ к встроенной операционной системе

EPSS

Процентиль: 42%
0.00205
Низкий

7.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-255
CWE-306