CVE-2019-1829
Summary
| CVE | CVE-2019-1829 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-04-18 02:29:00 UTC |
| Updated | 2020-10-16 17:39:00 UTC |
| Description | A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Aironet 1542d | - | All | All | All |
| Hardware | Cisco | Aironet 1542d | - | All | All | All |
| Hardware | Cisco | Aironet 1542i | - | All | All | All |
| Hardware | Cisco | Aironet 1542i | - | All | All | All |
| Hardware | Cisco | Aironet 1562d | - | All | All | All |
| Hardware | Cisco | Aironet 1562d | - | All | All | All |
| Hardware | Cisco | Aironet 1562e | - | All | All | All |
| Hardware | Cisco | Aironet 1562e | - | All | All | All |
| Hardware | Cisco | Aironet 1562i | - | All | All | All |
| Hardware | Cisco | Aironet 1562i | - | All | All | All |
| Hardware | Cisco | Aironet 1800i | - | All | All | All |
| Hardware | Cisco | Aironet 1800i | - | All | All | All |
| Hardware | Cisco | Aironet 1850e | - | All | All | All |
| Hardware | Cisco | Aironet 1850e | - | All | All | All |
| Hardware | Cisco | Aironet 1850i | - | All | All | All |
| Hardware | Cisco | Aironet 1850i | - | All | All | All |
| Hardware | Cisco | Aironet 2800e | - | All | All | All |
| Hardware | Cisco | Aironet 2800e | - | All | All | All |
| Hardware | Cisco | Aironet 2800i | - | All | All | All |
| Hardware | Cisco | Aironet 2800i | - | All | All | All |
| Hardware | Cisco | Aironet 3800e | - | All | All | All |
| Hardware | Cisco | Aironet 3800e | - | All | All | All |
| Hardware | Cisco | Aironet 3800i | - | All | All | All |
| Hardware | Cisco | Aironet 3800i | - | All | All | All |
| Hardware | Cisco | Aironet 3800p | - | All | All | All |
| Hardware | Cisco | Aironet 3800p | - | All | All | All |
| Operating System | Cisco | Aironet Access Point Firmware | All | All | All | All |
| Operating System | Cisco | Aironet Access Point Firmware | 8.5(131.0) | All | All | All |
| Operating System | Cisco | Aironet Access Point Firmware | 8.5\(131.0\) | All | All | All |
| Operating System | Cisco | Aironet Access Point Firmware | All | All | All | All |
| Operating System | Cisco | Aironet Access Point Firmware | 8.5\(131.0\) | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Aironet Series Access Points Command Injection Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Malformed Request | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.