Sign-up

ID

VAR-201805-0493


CVE

CVE-2018-0249


TITLE

Cisco Aironet 1800 Series Access Point Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004599

DESCRIPTION

A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. A successful exploit could prevent new clients from joining the AP. The vulnerability is due to incorrect handling of malformed or invalid 802.11 Association Requests. An attacker could exploit this vulnerability by sending a malformed stream of 802.11 Association Requests to the local interface of the targeted device. A successful exploit could allow the attacker to cause a DoS situation on an affected system, causing new client 802.11 Association Requests to fail. This vulnerability affects the following Cisco products: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Cisco Bug IDs: CSCvg02116. Vendors have confirmed this vulnerability Bug ID CSCvg02116 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 2.25

sources: NVD: CVE-2018-0249 // JVNDB: JVNDB-2018-004599 // CNVD: CNVD-2018-09001 // VULHUB: VHN-118451

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-09001

AFFECTED PRODUCTS

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.2\(161.0\)

Trust: 1.6

vendor:ciscomodel:aironet access point softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:aironet series access pointsscope:eqversion:1560

Trust: 0.6

vendor:ciscomodel:aironet series officeextend access pointsscope:eqversion:1810

Trust: 0.6

vendor:ciscomodel:aironet 1810w series access pointsscope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet series access pointsscope:eqversion:1815

Trust: 0.6

vendor:ciscomodel:aironet series access pointsscope:eqversion:1830

Trust: 0.6

vendor:ciscomodel:aironet series access pointsscope:eqversion:1850

Trust: 0.6

sources: CNVD: CNVD-2018-09001 // JVNDB: JVNDB-2018-004599 // CNNVD: CNNVD-201805-086 // NVD: CVE-2018-0249

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0249
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0249
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-09001
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201805-086
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118451
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-0249
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-09001
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118451
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0249
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-0249
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-09001 // VULHUB: VHN-118451 // JVNDB: JVNDB-2018-004599 // CNNVD: CNNVD-201805-086 // NVD: CVE-2018-0249

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-118451 // JVNDB: JVNDB-2018-004599 // NVD: CVE-2018-0249

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201805-086

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201805-086

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004599

PATCH
title:cisco-sa-20180502-aironet-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos
Trust: 0.8
title:CiscoAironet has a patch for denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/128219
Trust: 0.6
title:Multiple Cisco Fixes for product input validation vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79822
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-09001 // 
            
            
            
            JVNDB: JVNDB-2018-004599 // 
            
            
            
            CNNVD: CNNVD-201805-086

EXTERNAL IDS
db:NVDid:CVE-2018-0249
Trust: 3.1
db:SECTRACKid:1040816
Trust: 2.3
db:JVNDBid:JVNDB-2018-004599
Trust: 0.8
db:CNNVDid:CNNVD-201805-086
Trust: 0.7
db:CNVDid:CNVD-2018-09001
Trust: 0.6
db:VULHUBid:VHN-118451
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-09001 // 
            
            
            
            VULHUB: VHN-118451 // 
            
            
            
            JVNDB: JVNDB-2018-004599 // 
            
            
            
            CNNVD: CNNVD-201805-086 // 
            
            
            
            NVD: CVE-2018-0249

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-aironet-dos
Trust: 1.7
url:http://www.securitytracker.com/id/1040816
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0249
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0249
Trust: 0.8
url:https://securitytracker.com/id/1040816
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-09001 // 
            
            
            
            VULHUB: VHN-118451 // 
            
            
            
            JVNDB: JVNDB-2018-004599 // 
            
            
            
            CNNVD: CNNVD-201805-086 // 
            
            
            
            NVD: CVE-2018-0249

SOURCES
db:CNVDid:CNVD-2018-09001
db:VULHUBid:VHN-118451
db:JVNDBid:JVNDB-2018-004599
db:CNNVDid:CNNVD-201805-086
db:NVDid:CVE-2018-0249

LAST UPDATE DATE
2024-11-23T22:00:31.178000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-09001date:2018-05-07T00:00:00
db:VULHUBid:VHN-118451date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2018-004599date:2018-06-25T00:00:00
db:CNNVDid:CNNVD-201805-086date:2020-10-23T00:00:00
db:NVDid:CVE-2018-0249date:2024-11-21T03:37:48.820

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-09001date:2018-05-07T00:00:00
db:VULHUBid:VHN-118451date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-004599date:2018-06-25T00:00:00
db:CNNVDid:CNNVD-201805-086date:2018-05-02T00:00:00
db:NVDid:CVE-2018-0249date:2018-05-02T22:29:00.573