CVE-2019-1835

Name of the Vulnerable Software and Affected Versions Cisco Aironet Access Points versions 8.8 through 8.9

Description The issue is related to improper restriction of a directory path name, which could allow an attacker to gain unauthorized access to protected information. An authenticated, local attacker could exploit this by accessing the CLI of an affected device with administrator privileges and issuing crafted commands, resulting in directory traversal. This could allow the attacker to view system files, potentially containing sensitive information.

Recommendations For versions 8.8 and 8.9, consider restricting access to the CLI to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using specific CLI commands that could result in directory traversal until the issue is resolved.