Information disclosure in Aironet - CVE-2017-12279
Published: November 2, 2017
Vulnerability identifier: #VU9094
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12279
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Aironet
Aironet
Detailed vulnerability description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points due to insufficient condition checks that are performed when the device adds padding to egress packets. An adjacent attacker can send a specially crafted IP packet and retrieve content from memory.
The weakness exists in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points due to insufficient condition checks that are performed when the device adds padding to egress packets. An adjacent attacker can send a specially crafted IP packet and retrieve content from memory.
How to mitigate CVE-2017-12279
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.