Sign-up

ID

VAR-201701-0857


CVE

CVE-2016-9220


TITLE

Cisco Mobility Express 2800 and 3800 series Access Points Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-007067

DESCRIPTION

A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. More Information: CSCvb66659. Known Affected Releases: 8.2(130.0). Known Fixed Releases: 8.2(131.10) 8.2(131.6) 8.2(141.0) 8.3(104.56) 8.4(1.88) 8.4(1.91). The Cisco Mobility Express 2800 and 3800 AccessPoints are wireless products based on the Mobility Express solution from Cisco. A denial of service vulnerability exists in Cisco Mobility Express 2800 and 3800 AccessPoints. An attacker could exploit this vulnerability to cause a denial of service. This issue is being tracked by Cisco Bug ID CSCvb66659. A local attacker could exploit this vulnerability by sending a specially crafted 802.11 frame to the target device to affect the availability of the device

Trust: 2.52

sources: NVD: CVE-2016-9220 // JVNDB: JVNDB-2016-007067 // CNVD: CNVD-2017-01065 // BID: 95633 // VULHUB: VHN-98040

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-01065

AFFECTED PRODUCTS

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.2\(130.0\)

Trust: 1.6

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.2 (130.0)

Trust: 0.8

vendor:ciscomodel:mobility express series access pointsscope:eqversion:3800

Trust: 0.6

vendor:ciscomodel:mobility express series access pointsscope:eqversion:2800

Trust: 0.6

vendor:ciscomodel:mobility express series access pointsscope:eqversion:38000

Trust: 0.3

vendor:ciscomodel:mobility express series access pointsscope:eqversion:28000

Trust: 0.3

sources: CNVD: CNVD-2017-01065 // BID: 95633 // JVNDB: JVNDB-2016-007067 // CNNVD: CNNVD-201701-789 // NVD: CVE-2016-9220

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9220
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-9220
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-01065
value: LOW

Trust: 0.6

CNNVD: CNNVD-201701-789
value: LOW

Trust: 0.6

VULHUB: VHN-98040
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-9220
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-01065
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98040
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9220
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-01065 // VULHUB: VHN-98040 // JVNDB: JVNDB-2016-007067 // CNNVD: CNNVD-201701-789 // NVD: CVE-2016-9220

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-98040 // JVNDB: JVNDB-2016-007067 // NVD: CVE-2016-9220

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201701-789

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201701-789

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-007067

PATCH
title:cisco-sa-20170118-cme1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1
Trust: 0.8
title:Cisco Mobility Express Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67347
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-007067 // 
            
            
            
            CNNVD: CNNVD-201701-789

EXTERNAL IDS
db:NVDid:CVE-2016-9220
Trust: 3.4
db:BIDid:95633
Trust: 2.6
db:JVNDBid:JVNDB-2016-007067
Trust: 0.8
db:CNNVDid:CNNVD-201701-789
Trust: 0.7
db:CNVDid:CNVD-2017-01065
Trust: 0.6
db:VULHUBid:VHN-98040
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-01065 // 
            
            
            
            VULHUB: VHN-98040 // 
            
            
            
            BID: 95633 // 
            
            
            
            JVNDB: JVNDB-2016-007067 // 
            
            
            
            CNNVD: CNNVD-201701-789 // 
            
            
            
            NVD: CVE-2016-9220

REFERENCES
url:http://www.securityfocus.com/bid/95633
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170118-cme1
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9220
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9220
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-01065 // 
            
            
            
            VULHUB: VHN-98040 // 
            
            
            
            BID: 95633 // 
            
            
            
            JVNDB: JVNDB-2016-007067 // 
            
            
            
            CNNVD: CNNVD-201701-789 // 
            
            
            
            NVD: CVE-2016-9220

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 95633 // 
            
            
            
            CNNVD: CNNVD-201701-789

SOURCES
db:CNVDid:CNVD-2017-01065
db:VULHUBid:VHN-98040
db:BIDid:95633
db:JVNDBid:JVNDB-2016-007067
db:CNNVDid:CNNVD-201701-789
db:NVDid:CVE-2016-9220

LAST UPDATE DATE
2024-11-23T22:30:51.702000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-01065date:2017-02-08T00:00:00
db:VULHUBid:VHN-98040date:2017-01-27T00:00:00
db:BIDid:95633date:2017-01-23T07:11:00
db:JVNDBid:JVNDB-2016-007067date:2017-02-09T00:00:00
db:CNNVDid:CNNVD-201701-789date:2017-02-28T00:00:00
db:NVDid:CVE-2016-9220date:2024-11-21T03:00:49.343

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-01065date:2017-02-08T00:00:00
db:VULHUBid:VHN-98040date:2017-01-26T00:00:00
db:BIDid:95633date:2017-01-18T00:00:00
db:JVNDBid:JVNDB-2016-007067date:2017-02-09T00:00:00
db:CNNVDid:CNNVD-201701-789date:2017-01-20T00:00:00
db:NVDid:CVE-2016-9220date:2017-01-26T07:59:00.233