Cisco Aironet Access Point Firmware vulnerabilities

CVE-2019-1835 [MEDIUM] CWE-22 CVE-2019-1835: A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerability by accessing the CLI of an affected AP with administr

CVE-2019-1834 [MEDIUM] CWE-20 CVE-2019-1834: A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is connected has port security configured. The vulnerability exists because the AP forwards some malformed wire

CVE-2019-1829 [MEDIUM] CWE-16 CVE-2019-1829: A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for cer

CVE-2019-1826 [MEDIUM] CWE-20 CVE-2019-1826: A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames by the affected device. An attacker could exploit t

CVE-2017-3873 [HIGH] CWE-20 CVE-2017-3873: A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Serie A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is due to insufficient validation of PnP server responses.

CVE-2017-3834 [CRITICAL] CWE-255 CVE-2017-3834: A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cis A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express