Cisco Aironet Series Access Points Directory Traversal Vulnerability
Description
A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerability by accessing the CLI of an affected AP with administrator privileges and issuing crafted commands that result in directory traversal. A successful exploit could allow the attacker to view system files on the affected device, which could contain sensitive information. Software versions 8.8 and 8.9 are affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A directory traversal in the CLI of Cisco Aironet APs lets an authenticated, local attacker with administrator privileges read sensitive system files.
Vulnerability
A directory traversal vulnerability exists in the CLI of Cisco Aironet Access Points (APs) due to improper sanitization of user-supplied input in specific CLI commands [1]. This affects Aironet 1540, 1560, 1800, 2800, and 3800 Series APs running software versions 8.8 and 8.9 [1]. The vulnerable code path is reachable when a user has administrator privileges and accesses the AP's CLI.
Exploitation
An attacker must have local access to the AP with administrator privileges and the ability to issue crafted commands that perform directory traversal [1]. The attacker then inputs specially crafted CLI commands that escape the intended directory scope, allowing reading of files outside the expected path.
Impact
Successful exploitation allows the attacker to view system files on the affected device, which could contain sensitive information such as configuration data, credentials, or other confidential data [1]. The impact is limited to information disclosure; the attacker does not gain code execution or privilege escalation.
Mitigation
Cisco fixed this vulnerability in software releases 8.8(121.0) and 8.9(102.0) [1]. No workarounds are available [1]. Affected users should upgrade to a patched version. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 8.8, 8.9
- Range: 8.8
References
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-air-ap-traversal (mitre, vendor-advisory, x_refsource_CISCO)
- www.securityfocus.com/bid/108001 (mitre, vdb-entry, x_refsource_BID)