CVE-2019-15264Uncontrolled Resource Consumption in Cisco Aironet Access Point Software

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 45.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Aironet Access Point SoftwareCisco Aironet 1850 Firmware
Timeline
PublishedOct 16
Latest updateMay 24

Description

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless m

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_aironet_access_point_softwareunspecifiedn/a
NVDcisco/aironet_1850_firmware10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-f532-rj5q-c6j3: A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access P2022-05-24
CVEList
Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability2019-10-16

📋Vendor Advisories

1
Cisco
Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability2019-10-16
CVE-2019-15264 — Uncontrolled Resource Consumption | cvebase