Multiple vulnerabilities in Cisco Small Business 100 Series and 300 Series Wireless Access Points



Published: 2018-08-16
Risk: Low
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2018-0415, CVE-2018-0412
CWE-ID: CWE-20, CWE-300
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software:
Cisco Small Business 300 Series Wireless Access Points (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Cisco Small Business 100 Series Wireless Access Points (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Vendor: Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU14435

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0415

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows an adjacent authenticated attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality due to improper processing of certain EAPOL frames. By sending a stream of specially crafted EAPOL frames, an adjacent attacker can force the access point (AP) to disassociate all associated stations (STAs) and to disallow future association requests.

Mitigation

Update the affected product to version 1.0.6.7.

Vulnerable software versions

Cisco Small Business 300 Series Wireless Access Points: 1.0.6.6

Cisco Small Business 100 Series Wireless Access Points: 1.0.6.6

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-csb-wap-dos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Man-in-the-middle attack

EUVDB-ID: #VU14436

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0412

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows an adjacent unauthenticated attacker to conduct a man-in-the-middle attack.

The vulnerability exists in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality due to improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An adjacent attacker can establish a man-in-the-middle position between a supplicant and an authenticator and manipulate an EAPOL message exchange to force the use of the WPA-TKIP cipher instead of the more secure AES-CCMP cipher. The attacker can then conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information.
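
As an added example (not part of the original bulletin or of Cisco's advisory), the following defender-side check parses RSN information elements taken from a capture and flags TKIP being offered or negotiated where AES-CCMP is available. It assumes the standard IEEE 802.11 RSN element layout; the function names and the sample byte strings are constructed for illustration.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")  # IEEE 802.11 cipher suite OUI
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104"}

def _suite(raw: bytes) -> str:
    """Name a 4-byte cipher suite selector (3-byte OUI + 1-byte type)."""
    if raw[:3] != RSN_OUI:
        return "vendor:" + raw.hex()
    return CIPHERS.get(raw[3], f"unknown-{raw[3]}")

def parse_rsn_ie(ie: bytes) -> dict:
    """Parse an RSN element (ID 48) into its group and pairwise cipher names."""
    if len(ie) < 2 or ie[0] != 48:
        raise ValueError("not an RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1] or len(body) < 8:
        raise ValueError("truncated RSN element")
    version, = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError("unsupported RSN version")
    count, = struct.unpack_from("<H", body, 6)
    end = 8 + 4 * count
    if end > len(body):
        raise ValueError("pairwise list overruns element")
    pairwise = [_suite(body[i:i + 4]) for i in range(8, end, 4)]
    return {"group": _suite(body[2:6]), "pairwise": pairwise}

def audit(ap_ie: bytes, sta_ie: bytes) -> list:
    """Compare the AP's advertised RSN element with the station's choice."""
    ap, sta = parse_rsn_ie(ap_ie), parse_rsn_ie(sta_ie)
    findings = []
    if "TKIP" in ap["pairwise"]:
        findings.append("AP still offers TKIP as a pairwise cipher")
    if "CCMP-128" in ap["pairwise"] and sta["pairwise"] == ["TKIP"]:
        findings.append("station negotiated TKIP although AP offers CCMP")
    if not set(sta["pairwise"]) <= set(ap["pairwise"]):
        findings.append("station selected a cipher the AP does not advertise")
    return findings

# Constructed sample elements: ID, length, version, group suite,
# pairwise count + list, AKM count + list (PSK), RSN capabilities.
AP_MIXED = bytes.fromhex("3018 0100 000fac02 0200 000fac04 000fac02 0100 000fac02 0000")
AP_CCMP = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac02 0000")
STA_TKIP = bytes.fromhex("3014 0100 000fac02 0100 000fac02 0100 000fac02 0000")
STA_CCMP = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac02 0000")
```

The AP's element can be taken from a beacon or probe response, and the station's from its association request or from the key data of handshake message 2.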

Mitigation

Update the affected product to version 1.0.6.7.

Vulnerable software versions

Cisco Small Business 300 Series Wireless Access Points: 1.0.6.6

Cisco Small Business 100 Series Wireless Access Points: 1.0.6.6

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encry...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


