CVE-2019-1835Path Traversal in Cisco Aironet Access Point Software

CWE-22Path Traversal4 documents4 sources
Severity
4.4MEDIUMNVD
EPSS
0.1%
top 76.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Aironet Access Point SoftwareCisco Aironet Access Point Firmware
Timeline
PublishedApr 18
Latest updateMay 13

Description

A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerability by accessing the CLI of an affected AP with administrator privileges and issuing crafted commands that result in directory traversal. A successful exploit could allow the attacker to view system fil

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-5297-pw47-52pg: A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in2022-05-13
CVEList
Cisco Aironet Series Access Points Directory Traversal Vulnerability2019-04-18

📋Vendor Advisories

1
Cisco
Cisco Aironet Series Access Points Directory Traversal Vulnerability2019-04-17