CVE-2019-15264

Name: CVE-2019-15264
Creator: NVD / NIST
Published: 2019-10-16T19:15:14.05+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 0.46%

Last modified Jun 17, 2026

CVE-2019-15264 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. EPSS estimates a 0.46% chance of exploitation in the next 30 days.

Description

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.46%

36.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Aironet 1540 Firmware	All versions
Cisco	Aironet 1560 Firmware	All versions
Cisco	Aironet 1850 Firmware	All versions
Cisco	Aironet 1850 Firmware	8.9\(1.249\)
Cisco	Aironet 1850 Firmware	8.9\(1.255\)
Cisco	Aironet 1850 Firmware	8.9\(4.28\)
Cisco	Aironet 1850 Firmware	8.9\(4.41\)
Cisco	Aironet 1850 Firmware	8.9\(4.49\)
Cisco	Aironet 1850 Firmware	8.9\(4.55\)
Cisco	Aironet 1850 Firmware	8.9\(4.58\)
Cisco	Aironet 1850 Firmware	8.9\(104.24\)
Cisco	Aironet 1850 Firmware	8.10\(1.139\)
Cisco	Aironet 1850 Firmware	8.10\(1.146\)
Cisco	Aironet 2800 Firmware	All versions
Cisco	Aironet 3800 Firmware	All versions
Cisco	Aironet 4800 Firmware	All versions
Cisco	Catalyst 9100 Firmware	All versions

References

Timeline

Published: Oct 16, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-15264?

How severe is CVE-2019-15264?

CVE-2019-15264 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.46% probability of exploitation in the next 30 days.

How do I fix CVE-2019-15264?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-15264?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST