CVE-2019-1654

Cisco Aironet Series Access Points Development Shell Access Vulnerability

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the underlying Linux OS. The attacker would need valid device credentials. The vulnerability exists because the software improperly validates user-supplied input at the CLI authentication prompt for development shell access. An attacker could exploit this vulnerability by authenticating to the device and entering crafted input at the CLI. A successful exploit could allow the attacker to access the AP development shell without proper authentication, which allows for root access to the underlying Linux OS. Software versions prior to 8.3.150.0, 8.5.135.0, and 8.8.100.0 are affected.

Una vulnerabilidad en la autorización shell de desarrollo (devshell) para Aironet Series Access Points (APs) de Cisco que utilizan el sistema operativo AP-COS de Cisco podría permitir que un atacante local identificado acceder a shell de desarrollo sin la autenticación adecuada, lo que permite el acceso root al subyacente SO Linux. El atacante necesitaría credenciales de dispositivo válidas. La vulnerabilidad se debe a que el programa comprueba incorrectamente la entrada suministrada por el usuario en la solicitud de autorización de CLI para el acceso a shell de desarrollo. Un atacante podría aprovechar esta vulnerabilidad al identificarse en el dispositivo e ingresar una entrada creada en la CLI. Una operación con éxito podría permitir al atacante acceder a shell de desarrollo de AP sin la identificación adecuada, lo que permite el acceso de root al sistema operativo Linux subyacente. Las versiones del programa anteriores a 8.3.150.0, 8.5.135.0 y 8.8.100.0 están afectadas.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2018-12-06 CVE Reserved
2019-04-17 CVE Published
2023-03-08 EPSS Updated
2024-11-20 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-255: Credentials Management Errors
CWE-306: Missing Authentication for Critical Function

CAPEC

References (2)

URL	Tag	Source
http://www.securityfocus.com/bid/107991	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-aironet-shell	2020-10-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	< 8.3.150.0 Search vendor "Cisco" for product "Ap-cos" and version " < 8.3.150.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1540 Search vendor "Cisco" for product "Aironet 1540"	-	-	Safe
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	< 8.3.150.0 Search vendor "Cisco" for product "Ap-cos" and version " < 8.3.150.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1560 Search vendor "Cisco" for product "Aironet 1560"	-	-	Safe
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	< 8.3.150.0 Search vendor "Cisco" for product "Ap-cos" and version " < 8.3.150.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1800 Search vendor "Cisco" for product "Aironet 1800"	-	-	Safe
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	< 8.3.150.0 Search vendor "Cisco" for product "Ap-cos" and version " < 8.3.150.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 2800 Search vendor "Cisco" for product "Aironet 2800"	-	-	Safe
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	< 8.3.150.0 Search vendor "Cisco" for product "Ap-cos" and version " < 8.3.150.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 3800 Search vendor "Cisco" for product "Aironet 3800"	-	-	Safe
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	>= 8.4.100.0 < 8.5.135.0 Search vendor "Cisco" for product "Ap-cos" and version " >= 8.4.100.0 < 8.5.135.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1540 Search vendor "Cisco" for product "Aironet 1540"	-	-	Safe
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	>= 8.4.100.0 < 8.5.135.0 Search vendor "Cisco" for product "Ap-cos" and version " >= 8.4.100.0 < 8.5.135.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1560 Search vendor "Cisco" for product "Aironet 1560"	-	-	Safe
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	>= 8.4.100.0 < 8.5.135.0 Search vendor "Cisco" for product "Ap-cos" and version " >= 8.4.100.0 < 8.5.135.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1800 Search vendor "Cisco" for product "Aironet 1800"	-	-	Safe
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	>= 8.4.100.0 < 8.5.135.0 Search vendor "Cisco" for product "Ap-cos" and version " >= 8.4.100.0 < 8.5.135.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 2800 Search vendor "Cisco" for product "Aironet 2800"	-	-	Safe
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	>= 8.4.100.0 < 8.5.135.0 Search vendor "Cisco" for product "Ap-cos" and version " >= 8.4.100.0 < 8.5.135.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 3800 Search vendor "Cisco" for product "Aironet 3800"	-	-	Safe
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	>= 8.5.140.0 < 8.8.100.0 Search vendor "Cisco" for product "Ap-cos" and version " >= 8.5.140.0 < 8.8.100.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1540 Search vendor "Cisco" for product "Aironet 1540"	-	-	Safe
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	>= 8.5.140.0 < 8.8.100.0 Search vendor "Cisco" for product "Ap-cos" and version " >= 8.5.140.0 < 8.8.100.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1560 Search vendor "Cisco" for product "Aironet 1560"	-	-	Safe
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	>= 8.5.140.0 < 8.8.100.0 Search vendor "Cisco" for product "Ap-cos" and version " >= 8.5.140.0 < 8.8.100.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1800 Search vendor "Cisco" for product "Aironet 1800"	-	-	Safe
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	>= 8.5.140.0 < 8.8.100.0 Search vendor "Cisco" for product "Ap-cos" and version " >= 8.5.140.0 < 8.8.100.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 2800 Search vendor "Cisco" for product "Aironet 2800"	-	-	Safe
Cisco Search vendor "Cisco"	Ap-cos Search vendor "Cisco" for product "Ap-cos"	>= 8.5.140.0 < 8.8.100.0 Search vendor "Cisco" for product "Ap-cos" and version " >= 8.5.140.0 < 8.8.100.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 3800 Search vendor "Cisco" for product "Aironet 3800"	-	-	Safe