#VU9094 Information disclosure in Aironet - CVE-2017-12279
Published: November 2, 2017
Vulnerability identifier: #VU9094
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12279
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Aironet
Aironet
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points due to insufficient condition checks that are performed when the device adds padding to egress packets. An adjacent attacker can send a specially crafted IP packet and retrieve content from memory.
The weakness exists in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points due to insufficient condition checks that are performed when the device adds padding to egress packets. An adjacent attacker can send a specially crafted IP packet and retrieve content from memory.
Remediation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.