Details of VAR-201701-0858

ID

VAR-201701-0858

CVE

CVE-2016-9221

TITLE

Cisco Mobility Express 2800 and 3800 series Access Points Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-007068

DESCRIPTION

A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail. Affected Products: This vulnerability affects Cisco Mobility Express 2800 Series and 3800 Series Access Points when configured in local mode in 40 MHz. More Information: CSCvb33575. Known Affected Releases: 8.2(121.12) 8.4(1.82). Known Fixed Releases: 8.2(131.2) 8.2(131.3) 8.2(131.4) 8.2(141.0) 8.3(104.53) 8.3(104.54) 8.4(1.80) 8.4(1.85). Vendors have confirmed this vulnerability Bug ID CSCvb33575 It is released as.Denial of service by an adjacent attacker ( Authentication failure ) There is a possibility of being put into a state. The Cisco Mobility Express 2800 and 3800 AccessPoints are wireless products based on the Mobility Express solution from Cisco. An attacker could exploit this vulnerability to cause a denial of service. This issue is being tracked by Cisco Bug ID CSCvb33575. The vulnerability stems from the fact that the program does not correctly handle 802.11 authentication request errors. An attacker could exploit this vulnerability by sending a specially crafted 802.11 frame to the target device to affect the availability of the device

Trust: 2.52

sources: NVD: CVE-2016-9221 // JVNDB: JVNDB-2016-007068 // CNVD: CNVD-2017-01066 // BID: 95631 // VULHUB: VHN-98041

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-01066

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.2\(121.12\)	Trust: 1.6
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.4\(1.82\)	Trust: 1.6
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.2 (121.12)	Trust: 0.8
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.4 (1.82)	Trust: 0.8
vendor:	cisco	model:	mobility express series access points	scope:	eq	version:	3800	Trust: 0.6
vendor:	cisco	model:	mobility express series access points	scope:	eq	version:	2800	Trust: 0.6
vendor:	cisco	model:	mobility express series access points	scope:	eq	version:	38000	Trust: 0.3
vendor:	cisco	model:	mobility express series access points	scope:	eq	version:	28000	Trust: 0.3

sources: CNVD: CNVD-2017-01066 // BID: 95631 // JVNDB: JVNDB-2016-007068 // CNNVD: CNNVD-201701-791 // NVD: CVE-2016-9221

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-9221
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-9221
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-01066
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201701-791
value:	LOW
Trust: 0.6
VULHUB:	VHN-98041
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-9221
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-01066
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-98041
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-9221
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-01066 // VULHUB: VHN-98041 // JVNDB: JVNDB-2016-007068 // CNNVD: CNNVD-201701-791 // NVD: CVE-2016-9221

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-98041 // JVNDB: JVNDB-2016-007068 // NVD: CVE-2016-9221

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201701-791

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201701-791

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007068

PATCH

title:	cisco-sa-20170118-cme2	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme2	Trust: 0.8
title:	Cisco Mobility Express 2800 and 800 Access Points Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67349	Trust: 0.6

sources: JVNDB: JVNDB-2016-007068 // CNNVD: CNNVD-201701-791

EXTERNAL IDS

db:	NVD	id:	CVE-2016-9221	Trust: 3.4
db:	BID	id:	95631	Trust: 2.6
db:	JVNDB	id:	JVNDB-2016-007068	Trust: 0.8
db:	CNNVD	id:	CNNVD-201701-791	Trust: 0.7
db:	CNVD	id:	CNVD-2017-01066	Trust: 0.6
db:	VULHUB	id:	VHN-98041	Trust: 0.1

sources: CNVD: CNVD-2017-01066 // VULHUB: VHN-98041 // BID: 95631 // JVNDB: JVNDB-2016-007068 // CNNVD: CNNVD-201701-791 // NVD: CVE-2016-9221

REFERENCES

url:	http://www.securityfocus.com/bid/95631	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170118-cme2	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9221	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9221	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170118-cme2	Trust: 0.3

sources: CNVD: CNVD-2017-01066 // VULHUB: VHN-98041 // BID: 95631 // JVNDB: JVNDB-2016-007068 // CNNVD: CNNVD-201701-791 // NVD: CVE-2016-9221

CREDITS

Cisco

Trust: 0.9

sources: BID: 95631 // CNNVD: CNNVD-201701-791

SOURCES

db:	CNVD	id:	CNVD-2017-01066
db:	VULHUB	id:	VHN-98041
db:	BID	id:	95631
db:	JVNDB	id:	JVNDB-2016-007068
db:	CNNVD	id:	CNNVD-201701-791
db:	NVD	id:	CVE-2016-9221

LAST UPDATE DATE

2024-11-23T22:38:38.366000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-01066	date:	2017-02-08T00:00:00
db:	VULHUB	id:	VHN-98041	date:	2017-01-27T00:00:00
db:	BID	id:	95631	date:	2017-01-23T01:11:00
db:	JVNDB	id:	JVNDB-2016-007068	date:	2017-02-09T00:00:00
db:	CNNVD	id:	CNNVD-201701-791	date:	2017-01-20T00:00:00
db:	NVD	id:	CVE-2016-9221	date:	2024-11-21T03:00:49.450

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-01066	date:	2017-02-08T00:00:00
db:	VULHUB	id:	VHN-98041	date:	2017-01-26T00:00:00
db:	BID	id:	95631	date:	2017-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2016-007068	date:	2017-02-09T00:00:00
db:	CNNVD	id:	CNNVD-201701-791	date:	2017-01-20T00:00:00
db:	NVD	id:	CVE-2016-9221	date:	2017-01-26T07:59:00.247