#VU15419 Improper input validation in Cisco IOS - CVE-2018-0441 

 


Published: October 17, 2018 / Updated: October 18, 2018


Vulnerability identifier: #VU15419
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0441
CWE-ID: CWE-20
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Cisco IOS
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows an adjacent unauthenticated attacker to cause a DoS condition on the target system.

The vulnerability exists in the 802.11r Fast Transition feature set due to a corruption of certain timer mechanisms triggered by specific roaming events. An adjacent attacker can send malicious reassociation events multiple times to the same AP in a short period of time and cause a DoS condition on the affected AP.


Remediation

Install the update from the vendor's website.
