CVE-2019-1805

CWE-284Improper Access ControlCWE-20Improper Input Validation4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 73.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Wireless LAN Controller (wlc)Cisco Wireless LAN Controller Software
Timeline
PublishedApr 18
Latest updateMay 13

Description

A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input- and validation-checking mechanisms for inbound SSH connections on an affected device. An attacker could exploit this vulnerability by attempting to establish an SSH connection to an affected controll

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_wireless_lan_controller_(wlc)unspecified8.5(140.0)

🔴Vulnerability Details

2
GHSA
GHSA-mcf3-mmrq-wrhp: A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software2022-05-13
CVEList
Cisco Wireless LAN Controller Secure Shell Unauthorized Access Vulnerability2019-04-18

📋Vendor Advisories

1
Cisco
Cisco Wireless LAN Controller Secure Shell Unauthorized Access Vulnerability2019-04-17
CVE-2019-1805 (MEDIUM CVSS 4.3) | A vulnerability in certain access c | cvebase.io