Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to cisco - 6300_series_access_points

Vulnerability from fkie_nvd

Published

2021-09-23 03:15

Modified

2024-11-21 06:11

Severity ?

7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device.

References

▼	URL	Tags
	ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	aironet_access_point_software	*
cisco	aironet_access_point_software	17.2
cisco	aironet_access_point_software	17.3
cisco	1100-4g\/6g_integrated_services_router	-
cisco	1100-4p_integrated_services_router	-
cisco	1100-8p_integrated_services_router	-
cisco	1100_integrated_services_router	-
cisco	1101-4p_integrated_services_router	-
cisco	1101_integrated_services_router	-
cisco	1109-2p_integrated_services_router	-
cisco	1109-4p_integrated_services_router	-
cisco	1109_integrated_services_router	-
cisco	1111x-8p_integrated_services_router	-
cisco	1111x_integrated_services_router	-
cisco	111x_integrated_services_router	-
cisco	1120_integrated_services_router	-
cisco	1160_integrated_services_router	-
cisco	6300_series_access_points	-
cisco	aironet_1540	-
cisco	aironet_1542d	-
cisco	aironet_1542i	-
cisco	aironet_1560	-
cisco	aironet_1562d	-
cisco	aironet_1562e	-
cisco	aironet_1562i	-
cisco	aironet_1800	-
cisco	aironet_1800i	-
cisco	aironet_1810	-
cisco	aironet_1810w	-
cisco	aironet_1815	-
cisco	aironet_1815i	-
cisco	aironet_1830	-
cisco	aironet_1830e	-
cisco	aironet_1830i	-
cisco	aironet_1840	-
cisco	aironet_1850	-
cisco	aironet_1850e	-
cisco	aironet_1850i	-
cisco	aironet_2800	-
cisco	aironet_2800e	-
cisco	aironet_2800i	-
cisco	aironet_3800	-
cisco	aironet_3800e	-
cisco	aironet_3800i	-
cisco	aironet_3800p	-
cisco	aironet_4800	-
cisco	catalyst_9100	-
cisco	catalyst_9105	-
cisco	catalyst_9105axi	-
cisco	catalyst_9105axw	-
cisco	catalyst_9115	-
cisco	catalyst_9115_ap	-
cisco	catalyst_9115axe	-
cisco	catalyst_9115axi	-
cisco	catalyst_9117	-
cisco	catalyst_9117_ap	-
cisco	catalyst_9117axi	-
cisco	catalyst_9120	-
cisco	catalyst_9120_ap	-
cisco	catalyst_9120axe	-
cisco	catalyst_9120axi	-
cisco	catalyst_9120axp	-
cisco	catalyst_9124	-
cisco	catalyst_9124axd	-
cisco	catalyst_9124axi	-
cisco	catalyst_9130	-
cisco	catalyst_9130_ap	-
cisco	catalyst_9130axe	-
cisco	catalyst_9130axi	-
cisco	catalyst_iw6300	-
cisco	catalyst_iw6300_ac	-
cisco	catalyst_iw6300_dc	-
cisco	catalyst_iw6300_dcw	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_access_point_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2688A8E4-F734-4353-889C-D4346F838AD3",
              "versionEndExcluding": "8.10.162.0",
              "versionStartIncluding": "8.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_access_point_software:17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "58FD0CE4-DF50-41B9-9ED5-049585DA8E46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_access_point_software:17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C881D9-8270-4413-B762-33E9661FC407",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:1100-4g\\/6g_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6F668B9-2C1D-4306-8286-35E67D0F67C7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D2305B-B69E-4F74-A44E-07B3205CE9F7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26DD41B3-1D1D-44D3-BA8E-5A66AFEE77E6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1952B64C-4AE0-4CCB-86C5-8D1FF6A12822",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AAD4397-6DCF-493A-BD61-3A890F6F3AB2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB8A757-7888-4AC2-BE44-B89DB83C6C77",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F2F0A8E-97F6-41AC-BE67-4B2D60F9D36B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9229F3-7BCE-46C4-9879-D57B5BAAE44E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B80890A8-E3D3-462C-B125-9E9BC6525B02",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5A606FE-E6F1-43F9-B1CD-D9DF35FC3573",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1111x_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0547E196-5991-4C33-823A-342542E9DFD3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:111x_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "802CBFC1-8A2F-4BF7-A1D3-00622C33BE16",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFE0FC1-EEBC-42F0-88B0-4AF5B76DDD97",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D916389F-54DB-44CB-91DD-7CE3C7059350",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:6300_series_access_points:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E6F57DE-E039-49D7-B240-48CBD9CACD6C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1540:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "72BFEED4-7AD7-406F-A044-BDEA98133711",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DB7510-2741-464A-8FC9-8419985E330F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE916B2-CAAD-4508-A47E-A7D4D88B077A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8191FD87-4E55-4F38-8DB0-7E6772AD075B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D717945-EE41-4D0F-86EF-90826EBE9C3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99EAEA92-6589-4DFB-BC4B-8CBA425452D9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D27AB201-342D-4517-9E05-6088598F4695",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F4C00A-D1E2-4B21-A14E-F30B4B818493",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1800i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC836B4D-A489-4300-B0A2-EF0B6E01E623",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1810:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36F923CF-D4EB-48F8-821D-8BB3A69ABB62",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1810w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D613A17-FFA9-4FF0-9C2A-AF8ACD59B765",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1815:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8BF9DDB-884D-47B5-A295-8BFA5207C412",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1815i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "207DC80E-499C-4CA3-8A88-F027DBC64CCF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1830:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "093AB3A8-853B-4094-BFB5-6A8775AAA8D3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1830e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4590D445-B4B6-48E6-BF55-BEA6BA763410",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1830i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "848CC5CD-1982-4F31-A626-BD567E1C19F0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1840:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69CA9D6-914D-436F-AA81-B218CC312D29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE0B76A8-377E-4176-8F04-B0D468D4E767",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24E47788-9B54-42C5-AD83-428B22674575",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A333CD0B-4729-4E64-8B52-A3F5138F5B70",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_2800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C28A6B0-10FF-4C6D-8527-2313E163C98E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "098A82FF-95F7-416A-BADD-C57CE81ACD32",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD1D5813-9223-4B3F-9DE2-F3EF854FC927",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_3800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7636F7E2-E386-4F8C-A0C5-F510D8E21DA4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D7583E-2B61-40F1-B9A6-701DA08F8CDF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "945DDBE7-6233-416B-9BEE-7029F047E298",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ED89428-750C-4C26-B2A1-E3D63F8B3F44",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4D8A4CB-5B80-4332-BCBC-DA18AD94D215",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "749040C6-A21A-4EF3-8213-42EE01CFA303",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9105:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F3CCCFE-88CC-4F7B-8958-79CA62516EA9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9105axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F93DF4-67DB-4B30-AC22-60C67DF32DB2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9105axw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59C77B06-3C22-4092-AAAB-DB099A0B16A6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9115:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4081C532-3B10-4FBF-BB22-5BA17BC6FCF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9115_ap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56A3430C-9AF7-4604-AD95-FCF2989E9EB0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9115axe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4C56A6-E843-498A-A17B-D3D1B01E70E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9115axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F050F416-44C3-474C-9002-321A33F288D6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9117:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCE2220-E2E6-4A17-9F0A-2C927FAB4AA5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9117_ap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4AE36E2-E7E9-4E49-8BFF-615DACFC65C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9117axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A699C5C-CD03-4263-952F-5074B470F20E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A47C2D6F-8F90-4D74-AFE1-EAE954021F46",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9120_ap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C04889F8-3C2A-41AA-9DC9-5A4A4BBE60E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9120axe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D41CFE-784B-40EE-9431-8097428E5892",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9120axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D148A27-85B6-4883-96B5-343C8D32F23B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9120axp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "735CA950-672C-4787-8910-48AD07868FDE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9124:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11EF240-7599-4138-B7A7-17E4479F5B83",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9124axd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E987C945-4D6D-4BE5-B6F0-784B7E821D11",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9124axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B434C6D7-F583-4D2B-9275-38A5EC4ECC30",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1C8E35A-5A9B-4D56-A753-937D5CFB5B19",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9130_ap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "248A3FFC-C33C-4336-A37C-67B6046556E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9130axe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EC1F736-6240-4FA2-9FEC-D8798C9D287C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9130axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "169E5354-07EA-4639-AB4B-20D2B9DE784C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_iw6300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C559D6F7-B432-4A2A-BE0E-9697CC412C70",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_iw6300_ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23153AA4-B169-4421-BFF8-873205FC9C21",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_iw6300_dc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67DC3B71-B64D-4C49-B089-B274FA34ECB6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_iw6300_dcw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F857465-314F-4124-9835-8A269486D654",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la implementaci\u00f3n WLAN Control Protocol (WCP) para Cisco Aironet Access Point (AP) software podr\u00eda permitir a un atacante adyacente no autenticado causar una recarga de un dispositivo afectado, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad es debido al manejo incorrecto de errores cuando un dispositivo afectado recibe una trama 802.11 inesperada. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de determinadas tramas 802.11 a trav\u00e9s de la red inal\u00e1mbrica a una interfaz de un AP afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar un filtrado de b\u00fafer de paquetes. Esto podr\u00eda resultar eventualmente en fallos en la asignaci\u00f3n del b\u00fafer, lo que desencadenar\u00eda una recarga del dispositivo afectado"
    }
  ],
  "id": "CVE-2021-34740",
  "lastModified": "2024-11-21T06:11:05.760",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-23T03:15:19.947",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-15 21:15

Modified

2024-11-21 05:30

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user.

References

▼	URL	Tags
	ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	aironet_1542i_firmware	*
cisco	aironet_1542i_firmware	8.10\(1.255\)
cisco	aironet_1542i	-
cisco	aironet_1542d_firmware	*
cisco	aironet_1542d_firmware	8.10\(1.255\)
cisco	aironet_1542d	-
cisco	aironet_1562i_firmware	*
cisco	aironet_1562i_firmware	8.10\(1.255\)
cisco	aironet_1562i	-
cisco	aironet_1562e_firmware	*
cisco	aironet_1562e_firmware	8.10\(1.255\)
cisco	aironet_1562e	-
cisco	aironet_1562d_firmware	*
cisco	aironet_1562d_firmware	8.10\(1.255\)
cisco	aironet_1562d	-
cisco	aironet_1815_firmware	*
cisco	aironet_1815_firmware	8.10\(1.255\)
cisco	aironet_1815	-
cisco	aironet_1830_firmware	*
cisco	aironet_1830_firmware	8.10\(1.255\)
cisco	aironet_1830	-
cisco	aironet_1840_firmware	*
cisco	aironet_1840_firmware	8.10\(1.255\)
cisco	aironet_1840	-
cisco	aironet_1850_firmware	*
cisco	aironet_1850_firmware	8.10\(1.255\)
cisco	aironet_1850	-
cisco	aironet_2800i_firmware	*
cisco	aironet_2800i_firmware	8.10\(1.255\)
cisco	aironet_2800i	-
cisco	aironet_2800e_firmware	*
cisco	aironet_2800e_firmware	8.10\(1.255\)
cisco	aironet_2800e	-
cisco	aironet_3800i_firmware	*
cisco	aironet_3800i_firmware	8.10\(1.255\)
cisco	aironet_3800i	-
cisco	aironet_3800e_firmware	*
cisco	aironet_3800e_firmware	8.10\(1.255\)
cisco	aironet_3800e	-
cisco	aironet_3800p_firmware	*
cisco	aironet_3800p_firmware	8.10\(1.255\)
cisco	aironet_3800p	-
cisco	aironet_4800_firmware	*
cisco	aironet_4800_firmware	8.10\(1.255\)
cisco	aironet_4800	-
cisco	catalyst_iw6300_firmware	*
cisco	catalyst_iw6300_firmware	8.10\(1.255\)
cisco	catalyst_iw6300	-
cisco	6300_series_access_points_firmware	*
cisco	6300_series_access_points_firmware	8.10\(1.255\)
cisco	6300_series_access_points	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1542i_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4743D728-DE98-4ECF-9C19-495D74F8E26B",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1542i_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2CD95A3A-ECAD-4464-B7B1-C9A8F4D4FE4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE916B2-CAAD-4508-A47E-A7D4D88B077A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1542d_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33B38D29-731C-46FD-8937-2CCB75CCBE9E",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1542d_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4CC3DD26-1AEB-4E02-92C3-2B72AC552AC1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DB7510-2741-464A-8FC9-8419985E330F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1562i_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34C96EE1-C7B8-4473-A7CB-5484CAAA5A67",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1562i_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B05F6D72-0E41-4436-B4B8-436BF13AA152",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D27AB201-342D-4517-9E05-6088598F4695",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1562e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36C2A23-8B4A-4A01-9947-30D5A763DE1A",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1562e_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "28198B57-F0D0-46B8-8FCB-8D239C150DFB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99EAEA92-6589-4DFB-BC4B-8CBA425452D9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1562d_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C68430E0-1022-4F34-BEA9-DC68B8A7662E",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1562d_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F48A0DB5-65D7-4272-B7C0-52888346A650",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D717945-EE41-4D0F-86EF-90826EBE9C3E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1815_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1DDF107-2C92-4479-AF05-FE81305E4D34",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1815_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C85C7BC2-1A61-4347-A6CC-9429F4DE086A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1815:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8BF9DDB-884D-47B5-A295-8BFA5207C412",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1830_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DAB9A21-B740-4B43-AF53-5A96D1D39659",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1830_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "59E830C6-3580-473D-98BD-E0E544ED4185",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1830:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "093AB3A8-853B-4094-BFB5-6A8775AAA8D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1840_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DEE5B56-01C3-4C96-9ED5-4EC8245B3AC2",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1840_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "33866E28-2081-46FA-83C6-957C031682F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1840:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69CA9D6-914D-436F-AA81-B218CC312D29",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13A84D4B-F455-4838-9C1E-6B13BCCA0B72",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CAB0CEC3-BBEF-4103-B952-2813596E0C2F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE0B76A8-377E-4176-8F04-B0D468D4E767",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_2800i_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B14D6BC8-C900-47C3-9CB6-A705CAB526EC",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_2800i_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F05A57CB-944C-4BC0-86BE-098E9001F4AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD1D5813-9223-4B3F-9DE2-F3EF854FC927",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_2800e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16C65C71-9805-4CE9-9612-504CA83A923A",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_2800e_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6FC00793-2FA7-4828-9982-D148C82229AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "098A82FF-95F7-416A-BADD-C57CE81ACD32",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_3800i_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13219F7A-9396-44D9-B01C-AAD44DD350A8",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_3800i_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C32AA518-D8B0-4836-A1A0-79EAE97A9B85",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "945DDBE7-6233-416B-9BEE-7029F047E298",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_3800e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "115A547A-9CB9-4488-9BAF-5222A16E5264",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_3800e_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6CF1D2BA-0293-4323-8295-76A9F6D0DC72",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D7583E-2B61-40F1-B9A6-701DA08F8CDF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_3800p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "515B7F08-03BA-4BC9-A663-930C2FC6E003",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_3800p_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5F59162B-4AD3-4AFC-9A83-266531B37BC4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ED89428-750C-4C26-B2A1-E3D63F8B3F44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:aironet_4800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96FD2AD-66EF-4E40-ADA8-6B04CDC16C0B",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:aironet_4800_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D7F5DD-253F-4838-9D03-881138F52EAE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4D8A4CB-5B80-4332-BCBC-DA18AD94D215",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:catalyst_iw6300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F48F9C4-58D2-4B15-9BC3-E90DC1E82399",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:catalyst_iw6300_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "220BA40C-28C6-4CBB-B35C-FDDDD89DBEF1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_iw6300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C559D6F7-B432-4A2A-BE0E-9697CC412C70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:6300_series_access_points_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B7F56FF-85B8-49B2-858D-A6FA4C1C5CD2",
              "versionEndExcluding": "8.8.130.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:6300_series_access_points_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "543A29BF-3166-4EF9-A075-50EB9CB0E9FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:6300_series_access_points:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E6F57DE-E039-49D7-B240-48CBD9CACD6C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del Software Cisco Mobility Express podr\u00eda permitir a un atacante remoto no autenticado llevar a cabo un ataque de  tipo cross-site request forgery (CSRF) sobre un sistema afectado. La vulnerabilidad es debido a insuficientes protecciones de CSRF para la interfaz de administraci\u00f3n basada en web sobre un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad al persuadir a un usuario con una sesi\u00f3n activa en un dispositivo afectado para que siga un enlace malicioso. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante llevar a cabo acciones arbitrarias, incluyendo la modificaci\u00f3n de la configuraci\u00f3n, con el nivel de privilegio del usuario."
    }
  ],
  "id": "CVE-2020-3261",
  "lastModified": "2024-11-21T05:30:40.760",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T21:15:36.060",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2021-34740

Vulnerability from cvelistv5

Published

2021-09-23 02:26

Modified

2024-11-07 21:58

Severity ?

7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Cisco

Cisco Aironet Access Point Software

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:48.125Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210922 Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-34740",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:40:33.671746Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T21:58:19.967Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Aironet Access Point Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-23T02:26:41",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210922 Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL"
        }
      ],
      "source": {
        "advisory": "cisco-sa-airo-wpa-pktleak-dos-uSTyGrL",
        "defect": [
          [
            "CSCvu98674"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-09-22T16:00:00",
          "ID": "CVE-2021-34740",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Aironet Access Point Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.4",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-401"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210922 Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-airo-wpa-pktleak-dos-uSTyGrL",
          "defect": [
            [
              "CSCvu98674"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-34740",
    "datePublished": "2021-09-23T02:26:41.933546Z",
    "dateReserved": "2021-06-15T00:00:00",
    "dateUpdated": "2024-11-07T21:58:19.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-3261

Vulnerability from cvelistv5

Published

2020-04-15 20:11

Modified

2024-11-15 17:28

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Summary

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Cisco

Cisco Mobility Express

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:57.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200415 Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3261",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:28:54.925189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:28:53.825Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Mobility Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T20:11:15",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200415 Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"
        }
      ],
      "source": {
        "advisory": "cisco-sa-mob-exp-csrf-b8tFec24",
        "defect": [
          [
            "CSCvq88209"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-04-15T16:00:00-0700",
          "ID": "CVE-2020-3261",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Mobility Express",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.1",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200415 Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-mob-exp-csrf-b8tFec24",
          "defect": [
            [
              "CSCvq88209"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3261",
    "datePublished": "2020-04-15T20:11:15.286172Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:28:53.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}