FKIE_CVE-2018-0441

Vulnerability from fkie_nvd - Published: 2018-10-17 22:29 - Updated: 2024-11-21 03:38
Severity ?
7.4 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by specific roaming events. This corruption will eventually cause a timer crash. An attacker could exploit this vulnerability by sending malicious reassociation events multiple times to the same AP in a short period of time, causing a DoS condition on the affected AP.
References
psirt@cisco.comhttp://www.securityfocus.com/bid/105680Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.securitytracker.com/id/1041918Third Party Advisory, VDB Entry
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-ap-ft-dosVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/105680Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041918Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-ap-ft-dosVendor Advisory
Impacted products
Vendor Product Version
cisco access_points 8.0\(140.0\)
cisco access_points 8.2\(141.0\)
cisco access_points 8.2\(151.0\)
cisco access_points 8.3\(102.0\)
cisco access_points 8.3\(112.0\)
cisco access_points 8.3\(114.74\)
cisco access_points 15.3\(3\)jd
cisco access_points *
cisco access_points *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:access_points:8.0\\(140.0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2A2819B0-F330-4842-A71E-B0BADF999FEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:access_points:8.2\\(141.0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8217BA-0CEC-4E93-853E-EE86C2118954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:access_points:8.2\\(151.0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F92DE6E7-FFCA-4206-8C40-124A243778A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:access_points:8.3\\(102.0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "67AA1EAD-5FD9-44F0-836E-16D93E7D8D02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:access_points:8.3\\(112.0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6643B-AAB1-4D92-82CE-1F369FDFB796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:access_points:8.3\\(114.74\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0D16FE04-C08A-44B8-9EB3-D6C1E2E117DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:access_points:15.3\\(3\\)jd:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF5D480-A6E6-4933-BDA8-782C71D8EA67",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27B3BAA1-C708-40E2-8C2F-42EA78825B8D",
              "versionEndExcluding": "8.3.140.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F09BB9-D027-40C7-8D49-3AEC96C530EA",
              "versionEndExcluding": "8.5.110.0",
              "versionStartIncluding": "8.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by specific roaming events. This corruption will eventually cause a timer crash. An attacker could exploit this vulnerability by sending malicious reassociation events multiple times to the same AP in a short period of time, causing a DoS condition on the affected AP."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el conjunto de caracter\u00edsticas 802.11r Fast Transition en Cisco IOS Access Points (APs) Software podr\u00eda permitir que un atacante adyacente sin autenticar provoque una denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a la corrupci\u00f3n de ciertos mecanismos de temporizaci\u00f3n desencadenados por eventos concretos de roaming. Esta corrupci\u00f3n acabar\u00e1 provocando un cierre inesperado del temporizador. Un atacante podr\u00eda explotar esta vulnerabilidad enviando eventos maliciosos de reasociaci\u00f3n m\u00faltiples veces al mismo AP en un corto espacio de tiempo, lo que provoca una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el AP afectado."
    }
  ],
  "id": "CVE-2018-0441",
  "lastModified": "2024-11-21T03:38:14.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-17T22:29:00.550",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105680"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041918"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-ap-ft-dos"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-ap-ft-dos"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.