VDB

CVE-2019-15264

CVE-2019-15264 PUBLISHED CVSS 7.400000095367432 HIGH

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP.

EPSS 0.32% · 55.1th percentile

Risk Scores

CVSS 3.0
7.400000095367432
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.32%
55.1th percentile

Affected Products

VendorProductVersions
CiscoCisco Aironet Access Point Softwareunspecified
ciscoaironet_2800_firmware
ciscoaironet_1540_firmware
ciscoaironet_1850_firmware8.9\(4.28\), 8.9\(4.58\), 8.9\(104.24\)
ciscoaironet_4800_firmware
ciscoaironet_1560_firmware
ciscocatalyst_9100_firmware
ciscoaironet_3800_firmware

Exploit Intelligence

Timeline

  • Oct 16, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›