VAR-200908-0530
Vulnerability from variot - Updated: 2023-12-18 13:15The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka "SkyJack" or Bug ID CSCtb56664. Aironet 1200 is prone to a denial-of-service vulnerability. Cisco Aironet wireless access points (APs) are very popular wireless access network devices. Aironet wireless AP devices send the content of some multicast data frames in plain text, and remote attackers can obtain sensitive information such as the MAC address, IP address, and AP configuration of the wireless LAN controller by sniffing the wireless network. This paper associates devices with malicious controllers so that wireless clients cannot access legitimate network resources. This is a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200908-0530",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aironet ap1200",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "aironet ap1100",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "aironet ap1100 series",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "aironet ap1200 series",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "aironet ap1100",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "aironet ap1200",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "aironet",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1200"
},
{
"model": "aironet",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1100"
}
],
"sources": [
{
"db": "BID",
"id": "79399"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003679"
},
{
"db": "NVD",
"id": "CVE-2009-2861"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-440"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:aironet_ap1200:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:aironet_ap1100:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2861"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirMagnet",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200908-440"
}
],
"trust": 0.6
},
"cve": "CVE-2009-2861",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-2861",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "VHN-40307",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-2861",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200908-440",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-40307",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40307"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003679"
},
{
"db": "NVD",
"id": "CVE-2009-2861"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-440"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka \"SkyJack\" or Bug ID CSCtb56664. Aironet 1200 is prone to a denial-of-service vulnerability. Cisco Aironet wireless access points (APs) are very popular wireless access network devices. Aironet wireless AP devices send the content of some multicast data frames in plain text, and remote attackers can obtain sensitive information such as the MAC address, IP address, and AP configuration of the wireless LAN controller by sniffing the wireless network. This paper associates devices with malicious controllers so that wireless clients cannot access legitimate network resources. This is a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2861"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003679"
},
{
"db": "BID",
"id": "79399"
},
{
"db": "VULHUB",
"id": "VHN-40307"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2861",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1022774",
"trust": 2.0
},
{
"db": "BID",
"id": "36145",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2009-2419",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003679",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200908-440",
"trust": 0.7
},
{
"db": "BID",
"id": "79399",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-40307",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40307"
},
{
"db": "BID",
"id": "79399"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003679"
},
{
"db": "NVD",
"id": "CVE-2009-2861"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-440"
}
]
},
"id": "VAR-200908-0530",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-40307"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:15:21.520000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "IntelliShield ID: 18919",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=18919"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003679"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003679"
},
{
"db": "NVD",
"id": "CVE-2009-2861"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.securityfocus.com/bid/36145"
},
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=18919"
},
{
"trust": 2.0,
"url": "http://www.airmagnet.com/assets/am_technote_skyjack_082509.pdf"
},
{
"trust": 2.0,
"url": "http://www.airmagnet.com/news/press_releases/2009/08252009.php"
},
{
"trust": 2.0,
"url": "http://securitytracker.com/id?1022774"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/2419"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2861"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2861"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40307"
},
{
"db": "BID",
"id": "79399"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003679"
},
{
"db": "NVD",
"id": "CVE-2009-2861"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-440"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-40307"
},
{
"db": "BID",
"id": "79399"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003679"
},
{
"db": "NVD",
"id": "CVE-2009-2861"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-440"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-08-27T00:00:00",
"db": "VULHUB",
"id": "VHN-40307"
},
{
"date": "2009-08-27T00:00:00",
"db": "BID",
"id": "79399"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-003679"
},
{
"date": "2009-08-27T17:00:01.077000",
"db": "NVD",
"id": "CVE-2009-2861"
},
{
"date": "2009-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200908-440"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-40307"
},
{
"date": "2009-08-27T00:00:00",
"db": "BID",
"id": "79399"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-003679"
},
{
"date": "2009-08-28T04:00:00",
"db": "NVD",
"id": "CVE-2009-2861"
},
{
"date": "2009-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200908-440"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200908-440"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Aironet Lightweight Access Point Such as OTAP Service disruption in functionality (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003679"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200908-440"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…