Data handling in Cisco Aironet 1850 Series Access Points - CVE-2018-0249
Published: May 7, 2018
Vulnerability identifier: #VU12390
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0249
CWE-ID: CWE-19
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Aironet 1850 Series Access Points
Cisco Aironet 1850 Series Access Points
Detailed vulnerability description
The vulnerability allows an adjacent unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to incorrect handling of malformed or invalid 802.11 Association Requests. An adjacent attacker can send a specially crafted stream of 802.11 Association Requests to the local interface and cause the service to crash.
The weakness exists due to incorrect handling of malformed or invalid 802.11 Association Requests. An adjacent attacker can send a specially crafted stream of 802.11 Association Requests to the local interface and cause the service to crash.
How to mitigate CVE-2018-0249
Update to versions 8.7(102.0), 8.7(1.30), 8.6(101.0), 8.6(1.117), 8.5(110.0), 8.5(107.49), 8.3(140.0), 8.3(134.8), 8.3(130.5) or 8.2(163.7).