CVE-2019-1834: Cisco Aironet Series Access Points Denial of Service Vulnerability
First published: Thu Apr 18 2019(Updated: )
A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is connected has port security configured. The vulnerability exists because the AP forwards some malformed wireless client packets outside of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel. An attacker could exploit this vulnerability by sending crafted wireless packets to an affected AP. A successful exploit could allow the attacker to trigger a security violation on the adjacent switch port, which could result in a DoS condition. Note: Though the Common Vulnerability Scoring System (CVSS) score corresponds to a High Security Impact Rating (SIR), this vulnerability is considered Medium because a workaround is available and exploitation requires a specific switch configuration. There are workarounds that address this vulnerability.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Aironet Access Point Firmware | >=8.5<8.5.140.0 | |
| Cisco Aironet Access Point Firmware | >=8.6.101.0<8.8.111.0 | |
| Cisco Aironet Access Point Firmware | >=8.8.120.0<8.9.100.0 | |
| Cisco Aironet 1542d | ||
| Cisco Aironet 1542i | ||
| Cisco Aironet 1562d | ||
| Cisco Aironet 1562e | ||
| Cisco Aironet 1562i | ||
| Cisco Aironet 1800i | ||
| Cisco Aironet 2800e | ||
| Cisco Aironet 2800i | ||
| Cisco Aironet 3800e | ||
| Cisco Aironet 3800i | ||
| Cisco Aironet 3800p | ||
| Cisco Aironet Access Point Firmware | =8.5\(131.0\) | |
| Cisco Aironet 1850e | ||
| Cisco Aironet 1850i |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco Aironet Access Point firmware vulnerability?
The vulnerability ID for this Cisco Aironet Access Point firmware vulnerability is CVE-2019-1834.
What is the severity rating of CVE-2019-1834?
The severity rating of CVE-2019-1834 is 6.5 (High).
What is the impact of CVE-2019-1834?
CVE-2019-1834 can allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface has port security configured.
How can I fix CVE-2019-1834?
To fix CVE-2019-1834, it is recommended to upgrade the Cisco Aironet Access Point firmware to a version that is not affected by the vulnerability. Additionally, disabling port security on the switch interface where the AP is connected can help mitigate the risk.
Where can I find more information about CVE-2019-1834?
You can find more information about CVE-2019-1834 on the SecurityFocus website and the Cisco Security Advisory.
- agent/references
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco aironet access point firmware
- version/cisco aironet access point firmware/8.5
- version/cisco aironet access point firmware/8.6.101.0
- version/cisco aironet access point firmware/8.8.120.0
- canonical/cisco aironet 1542d
- canonical/cisco aironet 1542i
- canonical/cisco aironet 1562d
- canonical/cisco aironet 1562e
- canonical/cisco aironet 1562i
- canonical/cisco aironet 1800i
- canonical/cisco aironet 2800e
- canonical/cisco aironet 2800i
- canonical/cisco aironet 3800e
- canonical/cisco aironet 3800i
- canonical/cisco aironet 3800p
- version/cisco aironet access point firmware/8.5\(131.0\)
- canonical/cisco aironet 1850e
- canonical/cisco aironet 1850i