SB2017110215 - Multiple vulnerabilities in Cisco Aironet
Published: November 2, 2017
Security Bulletin ID
SB2017110215
CSH Severity
Low
Patch available
NO
Number of vulnerabilities
2
Exploitation vector
Adjecent network
Highest impact
Partial DoS
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2017-12279)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points due to insufficient condition checks that are performed when the device adds padding to egress packets. An adjacent attacker can send a specially crafted IP packet and retrieve content from memory.
2) Denial of service (CVE-ID: CVE-2017-12283)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The weakness exists in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points due to improper validation of received 802.11w PAF disassociation and deauthentication frames. An adjacent attacker can send a spoofed 802.11w PAF frame from a valid, authenticated client on an adjacent network and terminate a single valid user connection to the affected device.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.