ID
VAR-201608-0224
CVE
CVE-2016-6361
TITLE
plural Cisco Aironet Device software Aggregated MAC Protocol Data Unit Service disruption in implementations (DoS) Vulnerabilities
Trust: 0.8
DESCRIPTION
The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288. Cisco Aironet AccessPoints is a set of wireless access point devices from Cisco. A denial of service vulnerability exists in the AggregatedMACProtocolDataUnit (AMPDU) implementation in the Cisco Aironet AccessPoints platform. An attacker could exploit the vulnerability to send a device overload by sending a specially crafted AMPDU packet. Attackers can exploit this issue to reload the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuz56288. Cisco Aironet 1800, 2800, and 3800 are all routers of Cisco (Cisco). The following devices and versions are affected: Cisco Aironet 1800, 2800, 3800, versions prior to 8.2.121.0 and versions 8.3.x prior to 8.3.102.0
Trust: 2.61
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.2\(100.0\) | Trust: 1.6 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.1\(15.14\) | Trust: 1.6 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.1\(112.3\) | Trust: 1.6 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.2\(102.43\) | Trust: 1.6 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.1\(131.0\) | Trust: 1.6 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.1\(112.4\) | Trust: 1.6 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.3.0 | Trust: 1.6 |
| vendor: | cisco | model: | aironet access point software | scope: | lt | version: | 8.3.x | Trust: 0.8 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.3.102.0 | Trust: 0.8 |
| vendor: | cisco | model: | aironet series access point | scope: | eq | version: | 3800 | Trust: 0.6 |
| vendor: | cisco | model: | aironet series access point | scope: | eq | version: | 2800 | Trust: 0.6 |
| vendor: | cisco | model: | aironet series access point | scope: | eq | version: | 1800 | Trust: 0.6 |
| vendor: | cisco | model: | aironet series access points | scope: | eq | version: | 38000 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | eq | version: | 28000 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | eq | version: | 18000 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | ne | version: | 38008.3.102.0 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | ne | version: | 38008.2.121.0 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | ne | version: | 28008.3.102.0 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | ne | version: | 28008.2.121.0 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | ne | version: | 18008.3.102.0 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | ne | version: | 18008.2.121.0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
specific network environment
Trust: 0.6
TYPE
input validation
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20160817-aap | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap | Trust: 0.8 |
| title: | Patch for CiscoAironetAccessPoints Platform Denial of Service Vulnerability (CNVD-2016-06435) | url: | https://www.cnvd.org.cn/patchInfo/show/80566 | Trust: 0.6 |
| title: | Cisco Aironet 1800 , 2800 and 3800 Repair measures for platform denial of service vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63702 | Trust: 0.6 |
| title: | Cisco: Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms AMPDU Denial of Service Vulnerability | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160817-aap | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-6361 | Trust: 3.5 |
| db: | BID | id: | 92508 | Trust: 2.7 |
| db: | SECTRACK | id: | 1036648 | Trust: 1.2 |
| db: | JVNDB | id: | JVNDB-2016-004433 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201608-336 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2016-06435 | Trust: 0.6 |
| db: | NSFOCUS | id: | 34591 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-95181 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2016-6361 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/92508 | Trust: 2.4 |
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160817-aap | Trust: 2.2 |
| url: | http://www.securitytracker.com/id/1036648 | Trust: 1.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6361 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6361 | Trust: 0.8 |
| url: | http://www.nsfocus.net/vulndb/34591 | Trust: 0.6 |
| url: | http://www.cisco.com/cisco/web/solutions/small_business/products/wireless/aironet_series_access_points/index.html | Trust: 0.3 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/20.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
Cisco
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2016-06435 |
| db: | VULHUB | id: | VHN-95181 |
| db: | VULMON | id: | CVE-2016-6361 |
| db: | BID | id: | 92508 |
| db: | JVNDB | id: | JVNDB-2016-004433 |
| db: | CNNVD | id: | CNNVD-201608-336 |
| db: | NVD | id: | CVE-2016-6361 |
LAST UPDATE DATE
2024-11-23T23:09:11.783000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-06435 | date: | 2016-08-19T00:00:00 |
| db: | VULHUB | id: | VHN-95181 | date: | 2016-12-12T00:00:00 |
| db: | VULMON | id: | CVE-2016-6361 | date: | 2016-12-12T00:00:00 |
| db: | BID | id: | 92508 | date: | 2016-08-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-004433 | date: | 2016-08-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-201608-336 | date: | 2016-08-23T00:00:00 |
| db: | NVD | id: | CVE-2016-6361 | date: | 2024-11-21T02:55:58.763 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-06435 | date: | 2016-08-22T00:00:00 |
| db: | VULHUB | id: | VHN-95181 | date: | 2016-08-22T00:00:00 |
| db: | VULMON | id: | CVE-2016-6361 | date: | 2016-08-22T00:00:00 |
| db: | BID | id: | 92508 | date: | 2016-08-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-004433 | date: | 2016-08-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-201608-336 | date: | 2016-08-18T00:00:00 |
| db: | NVD | id: | CVE-2016-6361 | date: | 2016-08-22T10:59:10.043 |