cnvd-2019-36456
Vulnerability from cnvd
Title
Cisco Aironet Access Points Software访问控制错误漏洞
Description
Cisco Aironet 1540 Series APs等都是美国思科(Cisco)公司的产品。Cisco Aironet 1540 Series APs是一款1540系列访问接入点产品。Cisco Aironet 1560 Series APs是一款1560系列访问接入点产品。Cisco Aironet 1800 Series APs是一款1800系列访问接入点产品。Aironet Access Points(APs)Software是运行在其中的一套操作系统。 Cisco APs Software中存在访问控制错误漏洞,该漏洞源于程序未能对一些URLs进行充分的访问控制,远程攻击者可通过请求URL利用该漏洞以提升的权限未授权访问目标设备。
Severity
Patch Name
Cisco Aironet Access Points Software访问控制错误漏洞的补丁
Patch Description
Cisco Aironet 1540 Series APs等都是美国思科(Cisco)公司的产品。Cisco Aironet 1540 Series APs是一款1540系列访问接入点产品。Cisco Aironet 1560 Series APs是一款1560系列访问接入点产品。Cisco Aironet 1800 Series APs是一款1800系列访问接入点产品。Aironet Access Points(APs)Software是运行在其中的一套操作系统。 Cisco APs Software中存在访问控制错误漏洞,该漏洞源于程序未能对一些URLs进行充分的访问控制,远程攻击者可通过请求URL利用该漏洞以提升的权限未授权访问目标设备。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已发布了漏洞修复程序,请及时关注更新: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access

Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-15260 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access
Impacted products
Name
['Cisco Aironet 1540 Series Aps', 'Cisco Aironet 1560 Series Aps', 'Cisco Aironet 1800 Series Aps', 'Cisco Aironet 2800 Series Aps', 'Cisco Aironet 3800 Series Aps', 'Cisco Aironet 4800 APs']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-15260"
    }
  },
  "description": "Cisco Aironet 1540 Series APs\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Aironet 1540 Series APs\u662f\u4e00\u6b3e1540\u7cfb\u5217\u8bbf\u95ee\u63a5\u5165\u70b9\u4ea7\u54c1\u3002Cisco Aironet 1560 Series APs\u662f\u4e00\u6b3e1560\u7cfb\u5217\u8bbf\u95ee\u63a5\u5165\u70b9\u4ea7\u54c1\u3002Cisco Aironet 1800 Series APs\u662f\u4e00\u6b3e1800\u7cfb\u5217\u8bbf\u95ee\u63a5\u5165\u70b9\u4ea7\u54c1\u3002Aironet Access Points\uff08APs\uff09Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nCisco APs Software\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5bf9\u4e00\u4e9bURLs\u8fdb\u884c\u5145\u5206\u7684\u8bbf\u95ee\u63a7\u5236\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf7\u6c42URL\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u672a\u6388\u6743\u8bbf\u95ee\u76ee\u6807\u8bbe\u5907\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-36456",
  "openTime": "2019-10-22",
  "patchDescription": "Cisco Aironet 1540 Series APs\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Aironet 1540 Series APs\u662f\u4e00\u6b3e1540\u7cfb\u5217\u8bbf\u95ee\u63a5\u5165\u70b9\u4ea7\u54c1\u3002Cisco Aironet 1560 Series APs\u662f\u4e00\u6b3e1560\u7cfb\u5217\u8bbf\u95ee\u63a5\u5165\u70b9\u4ea7\u54c1\u3002Cisco Aironet 1800 Series APs\u662f\u4e00\u6b3e1800\u7cfb\u5217\u8bbf\u95ee\u63a5\u5165\u70b9\u4ea7\u54c1\u3002Aironet Access Points\uff08APs\uff09Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco APs Software\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5bf9\u4e00\u4e9bURLs\u8fdb\u884c\u5145\u5206\u7684\u8bbf\u95ee\u63a7\u5236\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf7\u6c42URL\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u672a\u6388\u6743\u8bbf\u95ee\u76ee\u6807\u8bbe\u5907\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Aironet Access Points Software\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Aironet 1540 Series Aps",
      "Cisco Aironet 1560 Series Aps",
      "Cisco Aironet 1800 Series Aps",
      "Cisco Aironet 2800 Series Aps",
      "Cisco Aironet 3800 Series Aps",
      "Cisco Aironet 4800 APs"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-15260\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access",
  "serverity": "\u9ad8",
  "submitTime": "2019-10-18",
  "title": "Cisco Aironet Access Points Software\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.