ID

VAR-200601-0295


CVE

CVE-2006-0354


TITLE

Cisco Aironet WAP of ARP Service disruption due to request processing (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2006-000019

DESCRIPTION

Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644. Cisco IOS Wireless access point that operates Cisco Aironet Wireless Access Points (WAP) Is illegal ARP When processing a request, there is a vulnerability where the physical memory on the device is exhausted and traffic cannot be processed.Device is out of service (DoS) It may be in a state. This issue is due to memory exhaustion caused by improper handling of an excessive number of ARP requests. This issue allows attackers who can successfully associate with a vulnerable access point to exhaust the memory of the affected device. As a result, the device fails to pass legitimate traffic until it has been rebooted. There is a loophole in Cisco Aironet's processing of ARP requests, and a remote attacker may use the loophole to carry out a denial of service attack on the device. This will cause the device to be unable to transmit traffic until it is powered off and reloaded, affecting the availability of the wireless access point, and may not be able to use management and packet forwarding services. This can be exploited by sending spoofed ARP messages to the management interface of the AP to continuously add entries to the ARP table of the device until the device runs out of memory. Successful exploitation causes the AP to be unable to pass traffic until the device is restarted, but requires the ability to send ARP messages to the management interface of the AP. SOLUTION: Update to IOS version 12.3-7-JA2. http://tools.cisco.com/support/downloads/pub/MDFTree.x?butype=wireless PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-0354 // JVNDB: JVNDB-2006-000019 // BID: 16217 // VULHUB: VHN-16462 // PACKETSTORM: 43033

AFFECTED PRODUCTS

vendor:ciscomodel:aironet ap1230agscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap1240agscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap1200scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap1300scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap350scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap1130agscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap1100scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap1400scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.3

Trust: 0.8

vendor:ciscomodel:aironet ap1240agscope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap1230agscope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap1300scope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap1200scope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap1400scope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap1130agscope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap350scope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap1100scope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet iosscope:eqversion:350

Trust: 0.3

vendor:ciscomodel:aironetscope:eqversion:1400

Trust: 0.3

vendor:ciscomodel:aironetscope:eqversion:1300

Trust: 0.3

vendor:ciscomodel:aironet 1240agscope: - version: -

Trust: 0.3

vendor:ciscomodel:aironet 1230agscope: - version: -

Trust: 0.3

vendor:ciscomodel:aironetscope:eqversion:1200

Trust: 0.3

vendor:ciscomodel:aironet 1130agscope: - version: -

Trust: 0.3

vendor:ciscomodel:aironetscope:eqversion:1100

Trust: 0.3

vendor:ciscomodel:ios -7-ja2scope:neversion:12.3

Trust: 0.3

sources: BID: 16217 // JVNDB: JVNDB-2006-000019 // CNNVD: CNNVD-200601-286 // NVD: CVE-2006-0354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0354
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-0354
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200601-286
value: MEDIUM

Trust: 0.6

VULHUB: VHN-16462
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-0354
severity: MEDIUM
baseScore: 5.5
vectorString: AV:A/AC:L/AU:S/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2006-0354
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-16462
severity: MEDIUM
baseScore: 5.5
vectorString: AV:A/AC:L/AU:S/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-16462 // JVNDB: JVNDB-2006-000019 // CNNVD: CNNVD-200601-286 // NVD: CVE-2006-0354

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-16462 // JVNDB: JVNDB-2006-000019 // NVD: CVE-2006-0354

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-200601-286

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200601-286

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-000019

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-16462

PATCH

title:cisco-sa-20060112-wirelessurl:http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtml

Trust: 0.8

title:cisco-sa-20060112-wirelessurl:http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20060112-wireless-j.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2006-000019

EXTERNAL IDS

db:BIDid:16217

Trust: 2.8

db:SECUNIAid:18430

Trust: 2.6

db:NVDid:CVE-2006-0354

Trust: 2.5

db:SECTRACKid:1015483

Trust: 1.7

db:OSVDBid:22375

Trust: 1.7

db:SREASONid:339

Trust: 1.7

db:VUPENid:ADV-2006-0176

Trust: 1.7

db:JVNDBid:JVNDB-2006-000019

Trust: 0.8

db:CISCOid:20060112 ACCESS POINT MEMORY EXHAUSTION FROM ARP ATTACKS

Trust: 0.6

db:XFid:24086

Trust: 0.6

db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:5680

Trust: 0.6

db:CNNVDid:CNNVD-200601-286

Trust: 0.6

db:EXPLOIT-DBid:1447

Trust: 0.1

db:VULHUBid:VHN-16462

Trust: 0.1

db:PACKETSTORMid:43033

Trust: 0.1

sources: VULHUB: VHN-16462 // BID: 16217 // JVNDB: JVNDB-2006-000019 // PACKETSTORM: 43033 // CNNVD: CNNVD-200601-286 // NVD: CVE-2006-0354

REFERENCES

url:http://www.securityfocus.com/bid/16217

Trust: 2.5

url:http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtml

Trust: 2.1

url:http://www.osvdb.org/22375

Trust: 1.7

url:http://securitytracker.com/id?1015483

Trust: 1.7

url:http://secunia.com/advisories/18430

Trust: 1.7

url:http://securityreason.com/securityalert/339

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2006/0176

Trust: 1.4

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5680

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/0176

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24086

Trust: 1.1

url:http://secunia.com/advisories/18430/

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0354

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-0354

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/24086

Trust: 0.6

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5680

Trust: 0.6

url:http://www.cisco.com/en/us/products/hw/wireless/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/6794/

Trust: 0.1

url:http://secunia.com/product/6037/

Trust: 0.1

url:http://secunia.com/product/6795/

Trust: 0.1

url:http://tools.cisco.com/support/downloads/pub/mdftree.x?butype=wireless

Trust: 0.1

url:http://secunia.com/product/1930/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/5114/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/6034/

Trust: 0.1

url:http://secunia.com/product/1929/

Trust: 0.1

url:http://secunia.com/product/1928/

Trust: 0.1

sources: VULHUB: VHN-16462 // BID: 16217 // JVNDB: JVNDB-2006-000019 // PACKETSTORM: 43033 // CNNVD: CNNVD-200601-286 // NVD: CVE-2006-0354

CREDITS

Eric Smith

Trust: 0.6

sources: CNNVD: CNNVD-200601-286

SOURCES

db:VULHUBid:VHN-16462
db:BIDid:16217
db:JVNDBid:JVNDB-2006-000019
db:PACKETSTORMid:43033
db:CNNVDid:CNNVD-200601-286
db:NVDid:CVE-2006-0354

LAST UPDATE DATE

2024-11-23T23:00:31.982000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-16462date:2017-10-11T00:00:00
db:BIDid:16217date:2006-02-07T20:55:00
db:JVNDBid:JVNDB-2006-000019date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200601-286date:2009-03-04T00:00:00
db:NVDid:CVE-2006-0354date:2024-11-21T00:06:16.297

SOURCES RELEASE DATE

db:VULHUBid:VHN-16462date:2006-01-22T00:00:00
db:BIDid:16217date:2006-01-12T00:00:00
db:JVNDBid:JVNDB-2006-000019date:2007-04-01T00:00:00
db:PACKETSTORMid:43033date:2006-01-14T05:07:24
db:CNNVDid:CNNVD-200601-286date:2006-01-22T00:00:00
db:NVDid:CVE-2006-0354date:2006-01-22T20:03:00