CVE-2019-1920

Severity
7.4 HIGH
EPSS
0.9%
top 24.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 17
Latest update: May 24

Description

A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. The vulnerability is due to a lack of complete error handling condition for client authentication requests sent to a targeted interface configured for FT. An attacker could exploit this vulnerability by sending crafted authentication request traffic to the targeted int

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 4.0

Affected Packages (5 packages)

CVEListV5 | cisco/cisco_aironet_access_point_software | unspecified | 8.8.100.0
NVD | cisco/access_points | 8.3 | 8.3.150.0 | +3
NVD | cisco/aironet_3700e_firmware | 15.3(3)jc14, 15.3(3)jd6 | +1
NVD | cisco/aironet_3700i_firmware | 15.3(3)jc14, 15.3(3)jd6 | +1
NVD | cisco/aironet_3700p_firmware | 15.3(3)jc14, 15.3(3)jd6 | +1

🔴 Vulnerability Details (2)

GHSA
GHSA-4w9g-6vm8-cmqg: A vulnerability in the 802 | 2022-05-24
CVEList
Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability | 2019-07-17

💥 Exploits & PoCs (2)

Exploit-DB
Webmin 1.920 - Remote Code Execution | 2019-08-19
Nuclei
Webmin <= 1.920 - Unauthenticated Remote Command Execution

📋 Vendor Advisories (1)

Cisco
Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability | 2019-07-17
CVE-2019-1920 (HIGH CVSS 7.4) | A vulnerability in the 802.11r Fast | cvebase.io