CVE-2019-15260

CWE-284Improper Access Control4 documents4 sources
Severity
9.8CRITICAL
EPSS
7.2%
top 8.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Cisco Cisco Aironet Access Point SoftwareCisco Aironet 1540 FirmwareCisco Aironet 1560 Firmware+4 more
Timeline
PublishedOct 16
Latest updateMay 24

Description

A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be gr

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

CVEListV5cisco/cisco_aironet_access_point_softwareunspecifiedn/a
NVDcisco/aironet_1540_firmware8.58.5.151.0+1
NVDcisco/aironet_1560_firmware8.58.5.151.0+1
NVDcisco/aironet_1800_firmware8.58.5.151.0+1
NVDcisco/aironet_2800_firmware8.58.5.151.0+1

🔴Vulnerability Details

2
GHSA
GHSA-rfr3-7m2c-w5hg: A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targete2022-05-24
CVEList
Cisco Aironet Access Points Unauthorized Access Vulnerability2019-10-16

📋Vendor Advisories

1
Cisco
Cisco Aironet Access Points Unauthorized Access Vulnerability2019-10-16
CVE-2019-15260 (CRITICAL CVSS 9.8) | A vulnerability in Cisco Aironet Ac | cvebase.io