CVE-2019-15264— Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-15264
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Aironet and Catalyst 9100 Access Points 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Aironet and Catalyst 9100 Access Points (APs) 中的Control and Provisioning of Wireless Access Points (CAPWAP)协议实现存在资源管理错误漏洞,该漏洞源于程序没有进行正确的资源管理。攻击者可通过在短时间内发送大量的合法无线管理帧利用该漏洞造成拒绝服务。以下产品及版本受到影响:Cisco Aironet 1540;Series Aps;Aironet 1560 Series Aps;Aironet
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco Aironet Access Point Software | unspecified ~ n/a | - |
II. Public POCs for CVE-2019-15264
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-15264
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-capwap-dosvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2019-15264
Same Patch Batch · Cisco · 2019-10-16 · 41 CVEs total
| CVE-2019-15241 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15251 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15247 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15248 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15246 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15244 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15245 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15242 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15243 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15240 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15250 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-12705 | Cisco Expressway Series and TelePresence Video Communication Server Cross-Site Scripting V | |
| CVE-2019-12708 | Cisco SPA100 Series Analog Telephone Adapters Administrative Credentials Information Discl | |
| CVE-2019-12718 | Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability | |
| CVE-2019-12703 | Cisco SPA122 ATA with Router Devices DHCP Services Cross-Site Scripting Vulnerability | |
| CVE-2019-12704 | Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosu | |
| CVE-2019-12638 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability | |
| CVE-2019-12702 | Cisco SPA100 Series Analog Telephone Adapters Reflected Cross-Site Scripting Vulnerability | |
| CVE-2019-12636 | Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability | |
| CVE-2019-12637 | Cisco Identity Services Engine Multiple Stored Cross-Site Scripting Vulnerabilities |
Showing top 20 of 41 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Cisco Aironet Access Point Software
Same vendor: Cisco
- CVE-2026-20224
Cisco Catalyst SD-WAN Manager XML External Entity Injection - CVE-2026-20210
Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerabi - CVE-2026-20209
Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerabi - CVE-2026-20182
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulne - CVE-2026-20219
Cisco Slido 安全漏洞
Same weakness: CWE-400
- CVE-2026-8769
vercel ai provider-utils response-handler.ts createJsonError - CVE-2026-42304
Twisted: Denial of Service (DoS) in twisted.names via Crafte - CVE-2026-44248
Netty: Resource exhaustion in MqttDecoder - CVE-2026-42587
Netty: HttpContentDecompressor maxAllocation bypass via Cont - CVE-2026-42583
Netty: Lz4FrameDecoder resource exhaustion
V. Comments for CVE-2019-15264
No comments yet