CVE-2019-15264

Description

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP.

Risk Information

Base Score

6.5

MODERATE

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

0.317

Associated Vulnerability

Vulnerability	OS Platform
Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability For Cisco Aironet 1850 Series Access Points	NCM
Uncontrolled Resource Consumption Vulnerability (CVE-2019-15264)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1705928	Security Update for Cisco Aironet 1850 Series Access Points 8.3(15.136)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234