SB2018050709 - Multiple vulnerabilities in Cisco Aironet




Published: May 7, 2018

Security Bulletin ID: SB2018050709
Severity: Low
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Improper authentication (CVE-ID: CVE-2018-0247)

The vulnerability allows an adjacent unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An adjacent attacker can bypass authentication and send traffic to local network resources without having gone through authentication.

2) Improper input validation (CVE-ID: CVE-2018-0234)

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected access point. A remote attacker can initiate a PPTP connection to an affected access point from a device that is registered to the same wireless network as the access point, send a malicious GRE frame through the data plane of the access point and cause the service to crash.


3) Improper authentication (CVE-ID: CVE-2018-0250)

The vulnerability allows an adjacent authenticated attacker to bypass security restrictions on the target system.

The weakness exists due to the AP ignoring the ACL download from the client during authentication. An adjacent attacker can connect to the target device with a vulnerable configuration and bypass a configured client FlexConnect ACL.

4) Data handling (CVE-ID: CVE-2018-0249)

The vulnerability allows an adjacent unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists due to incorrect handling of malformed or invalid 802.11 Association Requests. An adjacent attacker can send a specially crafted stream of 802.11 Association Requests to the local interface and cause the service to crash.

Remediation

Install the update from the vendor's website.