CVE-2019-1675

CWE-798Hard-coded Credentials4 documents4 sources
Severity
7.5HIGH
EPSS
1.0%
top 23.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Aironet Active SensorCisco Digital Network Architecture Center
Timeline
PublishedFeb 7
Latest updateMay 13

Description

A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker could exploit this vulnerability by guessing the account name and password to access the CLI. A successful exploit could allow the attacker to reboot the device repeatedly, creating a denial of service (DoS)

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_aironet_active_sensorunspecifiedDNAC1.2.8

🔴Vulnerability Details

2
GHSA
GHSA-hprm-r4mh-xh3f: A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor2022-05-13
CVEList
Cisco Aironet Active Sensor Static Credentials Vulnerability2019-02-07

📋Vendor Advisories

1
Cisco
Cisco Aironet Active Sensor Static Credentials Vulnerability2019-02-06
CVE-2019-1675 (HIGH CVSS 7.5) | A vulnerability in the default conf | cvebase.io