CVE-2019-1675

Name of the Vulnerable Software and Affected Versions Cisco Aironet Active Sensor versions prior to 1.2.8

Description A vulnerability in the default configuration of the Cisco Aironet Active Sensor exists due to a default local account with a static password. This account has privileges only to reboot the device. An attacker could exploit this vulnerability by guessing the account name and password to access the CLI, allowing them to reboot the device repeatedly and create a denial of service (DoS) condition. It is not possible to change the configuration or view sensitive data with this account.

Recommendations For versions prior to 1.2.8, update to version 1.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.