Cisco has recently released patches for numerous serious security vulnerabilities in the Cisco Aironet Access Points Software, one of which could even lead to remote code execution.
Critical Vulnerability In Cisco Aironet APs
Cisco has fixed a critical security flaw affecting the Aironet Access Points Software. If exploited, the vulnerability, CVE-2019-15260, could allow an attacker to gain access to the target device. The attacker could also execute code on the device with elevated privileges.
As stated in Cisco’s advisory,
(The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges.)
Although an attacker might not attain complete control of the device by exploiting this flaw, it could still let the adversary view sensitive information, meddle with wireless network configurations, disable the access point, or cause a denial of service. The vulnerability has received a critical severity rating with a CVSS score of 9.8. It affects Aironet APs from the 1540 Series, 1560 Series, 1800 Series, 2800 Series, 3800 Series, and 4800 APs. The only product that remained unaffected by this flaw is the Catalyst 9100 APs.
Other Cisco Aironet Access Points Software Flaws
Alongside the critical vulnerability, Cisco has also released fixes for two high-severity flaws affecting the Access Points Software. The first of these vulnerabilities, CVE-2019-15261, exists in the Point-to-Point Tunneling Protocol (PPTP) VPN packet processing functionality in Cisco Aironet APs. Elaborating on this vulnerability in an advisory, Cisco stated,
(The vulnerability is due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected AP. An attacker could exploit this vulnerability by associating to a vulnerable AP, initiating a PPTP VPN connection to an arbitrary PPTP VPN server, and sending a malicious GRE frame through the data plane of the AP. Successful exploitation of the flaw could allow an attacker to induce DoS to the affected AP.)
The APs affected by this vulnerability include the 1810 Series, 1830 Series, and 1850 Series. The other major flaw existed in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation. When triggered, the vulnerability, CVE-2019-15264, could lead to denial of service. While CVE-2019-15261 received a CVSS score of 8.6, CVE-2019-15264 was relatively severe with a CVSS score of 7.4. Cisco has released fixes for all three vulnerabilities.
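CVE-2019-15261 is described above as insufficient validation of GRE frames in PPTP processing. The following is an added example, not code from Cisco or from the advisory, of what strict validation of a PPTP enhanced GRE header (RFC 2637 layout) looks like; it does not reproduce the Cisco defect, whose details the advisory text does not give. The names `pptp_gre_parse`, `struct pptp_gre` and the status codes are hypothetical, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum gre_status { GRE_OK, GRE_TRUNCATED, GRE_BAD_FLAGS, GRE_BAD_PROTO, GRE_BAD_LENGTH };

struct pptp_gre {                 /* decoded enhanced GRE header (RFC 2637) */
    uint16_t payload_len, call_id;
    uint32_t seq, ack;
    int has_seq, has_ack;
    const uint8_t *payload;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Check every header field against the received length before trusting it. */
enum gre_status pptp_gre_parse(const uint8_t *buf, size_t len, struct pptp_gre *out)
{
    if (len < 8) return GRE_TRUNCATED;            /* flags, protocol, length, call ID */
    /* Byte 0: C=0 R=0 K=1 s=0 Recur=0 (S optional). Byte 1: Flags=0 Ver=1 (A optional). */
    if ((buf[0] & 0xEF) != 0x20 || (buf[1] & 0x7F) != 0x01) return GRE_BAD_FLAGS;
    if (rd16(buf + 2) != 0x880B) return GRE_BAD_PROTO;
    out->has_seq = (buf[0] & 0x10) != 0;
    out->has_ack = (buf[1] & 0x80) != 0;
    size_t hdr = 8 + 4 * (size_t)out->has_seq + 4 * (size_t)out->has_ack;
    if (len < hdr) return GRE_TRUNCATED;          /* optional fields must really be there */
    out->payload_len = rd16(buf + 4);
    out->call_id = rd16(buf + 6);
    out->seq = out->has_seq ? rd32(buf + 8) : 0;
    out->ack = out->has_ack ? rd32(buf + 8 + 4 * out->has_seq) : 0;
    if (out->payload_len > len - hdr) return GRE_BAD_LENGTH;   /* claims more than received */
    if (out->payload_len > 0 && !out->has_seq) return GRE_BAD_FLAGS; /* data requires S=1 */
    out->payload = buf + hdr;
    return GRE_OK;
}

/* Constructed sample frame: K|S, A|Ver=1, 4-byte payload, call ID 0x1234, seq 1, ack 7. */
static const uint8_t sample_ok[] = { 0x30, 0x81, 0x88, 0x0B, 0x00, 0x04, 0x12, 0x34,
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x07, 0xFF, 0x03, 0xC0, 0x21 };

int main(void)
{
    struct pptp_gre g;
    printf("full frame: %d\n", pptp_gre_parse(sample_ok, sizeof sample_ok, &g));
    printf("cut to 10 bytes: %d\n", pptp_gre_parse(sample_ok, 10, &g));
    return 0;
}
```

A frame that fails any check is dropped before its payload pointer or length is used, so a malformed header cannot drive later processing.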