Vulnerability identifier: #VU14436
Vulnerability risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-300
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Cisco Small Business 300 Series Wireless Access Points
Cisco Small Business 100 Series Wireless Access Points
Vendor: Cisco Systems, Inc
Description
The vulnerability allows an adjacent unauthenticated attacker to conduct a man-in-the-middle attack.
The vulnerability exists in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality due to improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An adjacent attacker can establish a man-in-the-middle position between a supplicant and an authenticator, manipulate an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher and conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information.
Mitigation
Update the affected product to version 1.0.6.7.
Vulnerable software versions
Cisco Small Business 300 Series Wireless Access Points: 1.0.6.6
Cisco Small Business 100 Series Wireless Access Points: 1.0.6.6
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encry...
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.