CVE-2019-15261

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.6HIGH

EPSS

1.4%

top 19.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Aironet Access Point Software Cisco Aironet 1810 Firmware Cisco Aironet 1830 Firmware +1 more

Timeline

PublishedOct 16

Latest updateMay 24

Description

A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN packet processing functionality in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected AP. An attacker could exploit this vulnerability by associating to a vulnerable …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages4 packages

▶CVEListV5cisco/cisco_aironet_access_point_softwareunspecified — n/a

▶NVDcisco/aironet_1810_firmware8.4 — 8.5.151.0+2

▶NVDcisco/aironet_1830_firmware8.4 — 8.5.151.0+2

▶NVDcisco/aironet_1850_firmware8.4 — 8.5.151.0+2

🔴Vulnerability Details

GHSA

GHSA-3273-9gqr-v74w: A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN packet processing functionality in Cisco Aironet Access Points (APs) could allow a↗2022-05-24

▶

CVEList

Cisco Aironet Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability↗2019-10-16

▶

📋Vendor Advisories

Cisco

Cisco Aironet Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability↗2019-10-16

▶