CVE-2019-15260
A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the AP, creating a denial of service (DoS) condition for clients associated with the AP.
EPSS 7.10% · 91.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | aironet_1560_firmware | 8.5, 8.8 |
| cisco | aironet_3800_firmware | 8.5, 8.8 |
| cisco | aironet_1540_firmware | 8.8, 8.5 |
| cisco | aironet_2800_firmware | 8.8, 8.5 |
| cisco | aironet_1800_firmware | 8.8, 8.5 |
| Cisco | Cisco Aironet Access Point Software | unspecified |
| cisco | aironet_4800_firmware | 8.5, 8.8 |
Timeline
- Oct 16, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-pptp-dos advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-capwap-dos advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-15260 advisory