#VU14435 Improper input validation in Cisco Small Business 300 Series Wireless Access Points and Cisco Small Business 100 Series Wireless Access Points - CVE-2018-0415
Published: August 15, 2018 / Updated: August 16, 2018
Vulnerability identifier: #VU14435
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0415
CWE-ID: CWE-20
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Small Business 300 Series Wireless Access Points
Cisco Small Business 100 Series Wireless Access Points
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows an adjacent authenticated attacker to cause a denial-of-service (DoS) condition on the target system.
The vulnerability exists in the implementation of the Extensible Authentication Protocol over LAN (EAPOL) functionality and is due to improper processing of certain EAPOL frames. An adjacent attacker can send a stream of specially crafted EAPOL frames to force the access point (AP) to disassociate all associated stations (STAs) and to disallow new association requests.
Remediation
Update the affected product to version 1.0.6.7.