====================================================================

                             CERT-Renater

                 Note d'Information No. 2019/VULN103

_____________________________________________________________________

DATE                : 18/04/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco AP-COS.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-aironet-shell
_____________________________________________________________________

Cisco Security Advisory: Cisco Aironet Series Access Points Development
Shell Access Vulnerability

Advisory ID: cisco-sa-20190417-aironet-shell

Revision: 1.0

For Public Release: 2019 April 17 16:00 GMT

Last Updated: 2019 April 17 16:00 GMT

CVE ID(s): CVE-2019-1654

CVSS Score v(3): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary

=======

A vulnerability in the development shell (devshell) authentication for
Cisco Aironet Series Access Points (APs) running the Cisco AP-COS
operating system could allow an authenticated, local attacker to access
the development shell without proper authentication, which allows for
root access to the underlying Linux OS. The attacker would need valid
device credentials.

The vulnerability exists because the software improperly validates user-
supplied input at the CLI authentication prompt for development shell
access. An attacker could exploit this vulnerability by authenticating
to the device and entering crafted input at the CLI. A successful
exploit could allow the attacker to access the AP development shell
without proper authentication, which allows for root access to the
underlying Linux OS.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-aironet-shell
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-aironet-shell"]

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================