SB2017110215 - Multiple vulnerabilities in Cisco Aironet




Published: November 2, 2017

Security Bulletin ID: SB2017110215
Severity: Low
Patch available: No
Number of vulnerabilities: 2
Exploitation vector: Adjacent network
Highest impact: Denial of service

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2017-12279)

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points due to insufficient condition checks that are performed when the device adds padding to egress packets. An adjacent attacker can send a specially crafted IP packet and retrieve content from memory.

2) Denial of service (CVE-ID: CVE-2017-12283)

The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.

The weakness exists in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points due to improper validation of received 802.11w PAF disassociation and deauthentication frames. An adjacent attacker can send a spoofed 802.11w PAF frame from a valid, authenticated client on an adjacent network and terminate a single valid user connection to the affected device.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.