
Vulnerability in Cisco Aironet Series products

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Aironet Series Access Points Development Shell Access Vulnerability

Advisory ID: cisco-sa-20190417-aironet-shell

Revision: 1.0

For Public Release: 2019 April 17 16:00 GMT

Last Updated: 2019 April 17 16:00 GMT

CVE ID(s): CVE-2019-1654

CVSS Score v(3): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the underlying Linux OS. The attacker would need valid device credentials.

The vulnerability exists because the software improperly validates user-supplied input at the CLI authentication prompt for development shell access. An attacker could exploit this vulnerability by authenticating to the device and entering crafted input at the CLI. A successful exploit could allow the attacker to access the AP development shell without proper authentication, which allows for root access to the underlying Linux OS.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-aironet-shell

