CVE-2019-1920

A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. The vulnerability is due to a lack of complete error handling condition for client authentication requests sent to a targeted interface configured for FT. An attacker could exploit this vulnerability by sending crafted authentication request traffic to the targeted interface, causing the device to restart unexpectedly.

CVSS v3 7.4 HIGH
CVSS v2.0 6.1 MEDIUM

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/109312	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-aironet-dos	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:aironet_3700e_firmware:15.3\(3\)jc14:::::::*
	cpe:2.3:o:cisco:aironet_3700e_firmware:15.3\(3\)jd6:::::::*

cpe:2.3:h:cisco:aironet_3700e:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:cisco:aironet_3700i_firmware:15.3\(3\)jc14:::::::*
	cpe:2.3:o:cisco:aironet_3700i_firmware:15.3\(3\)jd6:::::::*

cpe:2.3:h:cisco:aironet_3700i:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:cisco:aironet_3700p_firmware:15.3\(3\)jc14:::::::*
	cpe:2.3:o:cisco:aironet_3700p_firmware:15.3\(3\)jd6:::::::*

cpe:2.3:h:cisco:aironet_3700p:-:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:cisco:access_points::::::::
	cpe:2.3:o:cisco:access_points::::::::
	cpe:2.3:o:cisco:access_points::::::::
	cpe:2.3:o:cisco:access_points::::::::

History

No history.

Information

Published : 2019-07-17 21:15

Updated : 2024-02-04 20:20

NVD link : CVE-2019-1920

Mitre link : CVE-2019-1920

CVE.ORG link : CVE-2019-1920

JSON object : View

Products Affected

cisco

aironet_3700i_firmware
access_points
aironet_3700e_firmware
aironet_3700p
aironet_3700p_firmware
aironet_3700i
aironet_3700e

CWE

NVD-CWE-Other CWE-20

Improper Input Validation

7.4 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.1 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2019-1920

7.4^/10

6.1^/10

Attach tags to `CVE-2019-1920`