Sign-up

ID

VAR-200601-0295


CVE

CVE-2006-0354


TITLE

Cisco Aironet WAP of ARP Service disruption due to request processing (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2006-000019

DESCRIPTION

Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644. Cisco IOS Wireless access point that operates Cisco Aironet Wireless Access Points (WAP) Is illegal ARP When processing a request, there is a vulnerability where the physical memory on the device is exhausted and traffic cannot be processed.Device is out of service (DoS) It may be in a state. This issue is due to memory exhaustion caused by improper handling of an excessive number of ARP requests. This issue allows attackers who can successfully associate with a vulnerable access point to exhaust the memory of the affected device. As a result, the device fails to pass legitimate traffic until it has been rebooted. There is a loophole in Cisco Aironet's processing of ARP requests, and a remote attacker may use the loophole to carry out a denial of service attack on the device. This will cause the device to be unable to transmit traffic until it is powered off and reloaded, affecting the availability of the wireless access point, and may not be able to use management and packet forwarding services. This can be exploited by sending spoofed ARP messages to the management interface of the AP to continuously add entries to the ARP table of the device until the device runs out of memory. Successful exploitation causes the AP to be unable to pass traffic until the device is restarted, but requires the ability to send ARP messages to the management interface of the AP. SOLUTION: Update to IOS version 12.3-7-JA2. http://tools.cisco.com/support/downloads/pub/MDFTree.x?butype=wireless PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-0354 // JVNDB: JVNDB-2006-000019 // BID: 16217 // VULHUB: VHN-16462 // PACKETSTORM: 43033

AFFECTED PRODUCTS

vendor:ciscomodel:aironet ap1100scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap350scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap1130agscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap1240agscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap1300scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap1400scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap1200scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap1230agscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.3

Trust: 0.8

vendor:ciscomodel:aironet ap1240agscope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap1230agscope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap1300scope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap1200scope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap1400scope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap1130agscope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap350scope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap1100scope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet iosscope:eqversion:350

Trust: 0.3

vendor:ciscomodel:aironetscope:eqversion:1400

Trust: 0.3

vendor:ciscomodel:aironetscope:eqversion:1300

Trust: 0.3

vendor:ciscomodel:aironet 1240agscope: - version: -

Trust: 0.3

vendor:ciscomodel:aironet 1230agscope: - version: -

Trust: 0.3

vendor:ciscomodel:aironetscope:eqversion:1200

Trust: 0.3

vendor:ciscomodel:aironet 1130agscope: - version: -

Trust: 0.3

vendor:ciscomodel:aironetscope:eqversion:1100

Trust: 0.3

vendor:ciscomodel:ios -7-ja2scope:neversion:12.3

Trust: 0.3

sources: BID: 16217 // JVNDB: JVNDB-2006-000019 // CNNVD: CNNVD-200601-286 // NVD: CVE-2006-0354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0354
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-0354
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200601-286
value: MEDIUM

Trust: 0.6

VULHUB: VHN-16462
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-0354
severity: MEDIUM
baseScore: 5.5
vectorString: AV:A/AC:L/AU:S/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2006-0354
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-16462
severity: MEDIUM
baseScore: 5.5
vectorString: AV:A/AC:L/AU:S/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-16462 // JVNDB: JVNDB-2006-000019 // CNNVD: CNNVD-200601-286 // NVD: CVE-2006-0354

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-16462 // JVNDB: JVNDB-2006-000019 // NVD: CVE-2006-0354

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-200601-286

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200601-286

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-000019

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-16462

PATCH
title:cisco-sa-20060112-wirelessurl:http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtml
Trust: 0.8
title:cisco-sa-20060112-wirelessurl:http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20060112-wireless-j.shtml
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-000019

EXTERNAL IDS
db:BIDid:16217
Trust: 2.8
db:SECUNIAid:18430
Trust: 2.6
db:NVDid:CVE-2006-0354
Trust: 2.5
db:SECTRACKid:1015483
Trust: 1.7
db:OSVDBid:22375
Trust: 1.7
db:SREASONid:339
Trust: 1.7
db:VUPENid:ADV-2006-0176
Trust: 1.7
db:JVNDBid:JVNDB-2006-000019
Trust: 0.8
db:CISCOid:20060112 ACCESS POINT MEMORY EXHAUSTION FROM ARP ATTACKS
Trust: 0.6
db:XFid:24086
Trust: 0.6
db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:5680
Trust: 0.6
db:CNNVDid:CNNVD-200601-286
Trust: 0.6
db:EXPLOIT-DBid:1447
Trust: 0.1
db:VULHUBid:VHN-16462
Trust: 0.1
db:PACKETSTORMid:43033
Trust: 0.1
sources:
            
            
            VULHUB: VHN-16462 // 
            
            
            
            BID: 16217 // 
            
            
            
            JVNDB: JVNDB-2006-000019 // 
            
            
            
            PACKETSTORM: 43033 // 
            
            
            
            CNNVD: CNNVD-200601-286 // 
            
            
            
            NVD: CVE-2006-0354

REFERENCES
url:http://www.securityfocus.com/bid/16217
Trust: 2.5
url:http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtml
Trust: 2.1
url:http://www.osvdb.org/22375
Trust: 1.7
url:http://securitytracker.com/id?1015483
Trust: 1.7
url:http://secunia.com/advisories/18430
Trust: 1.7
url:http://securityreason.com/securityalert/339
Trust: 1.7
url:http://www.frsirt.com/english/advisories/2006/0176
Trust: 1.4
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5680
Trust: 1.1
url:http://www.vupen.com/english/advisories/2006/0176
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24086
Trust: 1.1
url:http://secunia.com/advisories/18430/
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0354
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-0354
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/24086
Trust: 0.6
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5680
Trust: 0.6
url:http://www.cisco.com/en/us/products/hw/wireless/
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/6794/
Trust: 0.1
url:http://secunia.com/product/6037/
Trust: 0.1
url:http://secunia.com/product/6795/
Trust: 0.1
url:http://tools.cisco.com/support/downloads/pub/mdftree.x?butype=wireless
Trust: 0.1
url:http://secunia.com/product/1930/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/5114/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/product/6034/
Trust: 0.1
url:http://secunia.com/product/1929/
Trust: 0.1
url:http://secunia.com/product/1928/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-16462 // 
            
            
            
            BID: 16217 // 
            
            
            
            JVNDB: JVNDB-2006-000019 // 
            
            
            
            PACKETSTORM: 43033 // 
            
            
            
            CNNVD: CNNVD-200601-286 // 
            
            
            
            NVD: CVE-2006-0354

CREDITS
Eric Smith
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200601-286

SOURCES
db:VULHUBid:VHN-16462
db:BIDid:16217
db:JVNDBid:JVNDB-2006-000019
db:PACKETSTORMid:43033
db:CNNVDid:CNNVD-200601-286
db:NVDid:CVE-2006-0354

LAST UPDATE DATE
2024-08-14T14:08:39.827000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-16462date:2017-10-11T00:00:00
db:BIDid:16217date:2006-02-07T20:55:00
db:JVNDBid:JVNDB-2006-000019date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200601-286date:2009-03-04T00:00:00
db:NVDid:CVE-2006-0354date:2017-10-11T01:30:37.233

SOURCES RELEASE DATE
db:VULHUBid:VHN-16462date:2006-01-22T00:00:00
db:BIDid:16217date:2006-01-12T00:00:00
db:JVNDBid:JVNDB-2006-000019date:2007-04-01T00:00:00
db:PACKETSTORMid:43033date:2006-01-14T05:07:24
db:CNNVDid:CNNVD-200601-286date:2006-01-22T00:00:00
db:NVDid:CVE-2006-0354date:2006-01-22T20:03:00