Improper input validation in Cisco Small Business 300 Series Wireless Access Points and Cisco Small Business 100 Series Wireless Access Points - CVE-2018-0415
Published: August 15, 2018 / Updated: August 16, 2018
Vulnerability identifier: #VU14435
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0415
CWE-ID: CWE-20
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Small Business 300 Series Wireless Access Points
Cisco Small Business 100 Series Wireless Access Points
Cisco Small Business 300 Series Wireless Access Points
Cisco Small Business 100 Series Wireless Access Points
Detailed vulnerability description
The vulnerability allows an adjacent authenticated attacker to cause DoS condition on the target system.
The vulnerability exists in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality due to improper processing of certain EAPOL frames. An adjacent attacker can send a stream of specially crafted EAPOL frames, force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests.
How to mitigate CVE-2018-0415
Update the affected product to version 1.0.6.7.