Details of VAR-200908-0530

ID

VAR-200908-0530

CVE

CVE-2009-2861

TITLE

Cisco Aironet Lightweight Access Point Such as OTAP Service disruption in functionality (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-003679

DESCRIPTION

The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka "SkyJack" or Bug ID CSCtb56664. Aironet 1200 is prone to a denial-of-service vulnerability. Cisco Aironet wireless access points (APs) are very popular wireless access network devices. Aironet wireless AP devices send the content of some multicast data frames in plain text, and remote attackers can obtain sensitive information such as the MAC address, IP address, and AP configuration of the wireless LAN controller by sniffing the wireless network. This paper associates devices with malicious controllers so that wireless clients cannot access legitimate network resources. This is a denial of service

Trust: 1.98

sources: NVD: CVE-2009-2861 // JVNDB: JVNDB-2009-003679 // BID: 79399 // VULHUB: VHN-40307

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet ap1200	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	aironet ap1100	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	aironet ap1100 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet ap1200 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet ap1100	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	aironet ap1200	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	aironet	scope:	eq	version:	1200	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	eq	version:	1100	Trust: 0.3

sources: BID: 79399 // JVNDB: JVNDB-2009-003679 // CNNVD: CNNVD-200908-440 // NVD: CVE-2009-2861

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-2861
value:	HIGH
Trust: 1.0
NVD:	CVE-2009-2861
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200908-440
value:	HIGH
Trust: 0.6
VULHUB:	VHN-40307
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-2861
severity:	HIGH
baseScore:	7.3
vectorString:	AV:A/AC:M/AU:N/C:N/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-40307
severity:	HIGH
baseScore:	7.3
vectorString:	AV:A/AC:M/AU:N/C:N/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-40307 // JVNDB: JVNDB-2009-003679 // CNNVD: CNNVD-200908-440 // NVD: CVE-2009-2861

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2009-003679 // NVD: CVE-2009-2861

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-200908-440

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200908-440

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003679

PATCH

title:

IntelliShield ID: 18919

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=18919

Trust: 0.8

sources: JVNDB: JVNDB-2009-003679

EXTERNAL IDS

db:	NVD	id:	CVE-2009-2861	Trust: 2.8
db:	SECTRACK	id:	1022774	Trust: 2.0
db:	BID	id:	36145	Trust: 2.0
db:	VUPEN	id:	ADV-2009-2419	Trust: 1.7
db:	JVNDB	id:	JVNDB-2009-003679	Trust: 0.8
db:	CNNVD	id:	CNNVD-200908-440	Trust: 0.7
db:	BID	id:	79399	Trust: 0.4
db:	VULHUB	id:	VHN-40307	Trust: 0.1

sources: VULHUB: VHN-40307 // BID: 79399 // JVNDB: JVNDB-2009-003679 // CNNVD: CNNVD-200908-440 // NVD: CVE-2009-2861

REFERENCES

url:	http://www.securityfocus.com/bid/36145	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=18919	Trust: 2.0
url:	http://www.airmagnet.com/assets/am_technote_skyjack_082509.pdf	Trust: 2.0
url:	http://www.airmagnet.com/news/press_releases/2009/08252009.php	Trust: 2.0
url:	http://securitytracker.com/id?1022774	Trust: 2.0
url:	http://www.vupen.com/english/advisories/2009/2419	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2861	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2861	Trust: 0.8

sources: VULHUB: VHN-40307 // BID: 79399 // JVNDB: JVNDB-2009-003679 // CNNVD: CNNVD-200908-440 // NVD: CVE-2009-2861

CREDITS

AirMagnet

Trust: 0.6

sources: CNNVD: CNNVD-200908-440

SOURCES

db:	VULHUB	id:	VHN-40307
db:	BID	id:	79399
db:	JVNDB	id:	JVNDB-2009-003679
db:	CNNVD	id:	CNNVD-200908-440
db:	NVD	id:	CVE-2009-2861

LAST UPDATE DATE

2024-11-23T22:19:15.797000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-40307	date:	2009-08-28T00:00:00
db:	BID	id:	79399	date:	2009-08-27T00:00:00
db:	JVNDB	id:	JVNDB-2009-003679	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200908-440	date:	2009-08-28T00:00:00
db:	NVD	id:	CVE-2009-2861	date:	2024-11-21T01:05:55.540

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-40307	date:	2009-08-27T00:00:00
db:	BID	id:	79399	date:	2009-08-27T00:00:00
db:	JVNDB	id:	JVNDB-2009-003679	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200908-440	date:	2009-08-27T00:00:00
db:	NVD	id:	CVE-2009-2861	date:	2009-08-27T17:00:01.077