Vulnerability Details : CVE-2019-1805
A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input- and validation-checking mechanisms for inbound SSH connections on an affected device. An attacker could exploit this vulnerability by attempting to establish an SSH connection to an affected controller. An exploit could allow the attacker to access an affected device's CLI to potentially cause further attacks. This vulnerability has been fixed in version 8.5(140.0).
Vulnerability category: Input validationBypassGain privilege
Products affected by CVE-2019-1805
- cpe:2.3:a:cisco:wireless_lan_controller_software:8.3\(141.0\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-1805
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 21 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-1805
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | AV:A/AC:L/Au:N/C:P/I:N/A:N |
6.5
|
2.9
|
NIST | |
5.4
|
MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
2.8
|
2.5
|
Cisco Systems, Inc. | |
4.3
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2019-1805
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2019-1805
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-ssh
Cisco Wireless LAN Controller Secure Shell Unauthorized Access VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/108003
Cisco Wireless LAN Controller CVE-2019-1805 Unauthorized Access VulnerabilityThird Party Advisory;VDB Entry
Jump to