ID

VAR-201805-0506


CVE

CVE-2018-0234


TITLE

Cisco Aironet Access Point Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004906

DESCRIPTION

A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected access point. An attacker could exploit this vulnerability by initiating a PPTP connection to an affected access point from a device that is registered to the same wireless network as the access point and sending a malicious GRE frame through the data plane of the access point. A successful exploit could allow the attacker to cause the NSS core process on the affected access point to crash, which would cause the access point to reload and result in a DoS condition. This vulnerability affects Cisco Aironet 1810, 1830, and 1850 Series Access Points that are running Cisco Mobility Express Software Release 8.4.100.0, 8.5.103.0, or 8.5.105.0 and are configured as a master, subordinate, or standalone access point. Cisco Bug IDs: CSCvf73890. Vendors report this vulnerability Bug ID CSCvf73890 Published as.Denial of service (DoS) May be in a state. MobilityExpressSoftware is a set of management control software running on it. This vulnerability is due to insufficient verification of the program. Multiple Cisco Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition

Trust: 2.52

sources: NVD: CVE-2018-0234 // JVNDB: JVNDB-2018-004906 // CNVD: CNVD-2018-08990 // BID: 104081 // VULHUB: VHN-118436

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08990

AFFECTED PRODUCTS

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.5\(105.0\)

Trust: 1.6

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.4\(100.0\)

Trust: 1.6

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.5\(103.0\)

Trust: 1.6

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.4.100.0

Trust: 0.8

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.5.103.0

Trust: 0.8

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.5.105.0

Trust: 0.8

vendor:ciscomodel:aironet series access points mobility express softwarescope:eqversion:18308.4.100.0

Trust: 0.6

vendor:ciscomodel:aironet series access points mobility express softwarescope:eqversion:18308.5.103.0

Trust: 0.6

vendor:ciscomodel:aironet series access points mobility express softwarescope:eqversion:18308.5.105.0

Trust: 0.6

vendor:ciscomodel:aironet series access points mobility express softwarescope:eqversion:18508.4.100.0

Trust: 0.6

vendor:ciscomodel:aironet series access points mobility express softwarescope:eqversion:18508.5.103.0

Trust: 0.6

vendor:ciscomodel:aironet series access points mobility express softwarescope:eqversion:18508.5.105.0

Trust: 0.6

vendor:ciscomodel:aironet series access points mobility express softwarescope:eqversion:18108.4.100.0

Trust: 0.6

vendor:ciscomodel:aironet series access points mobility express softwarescope:eqversion:18108.5.103.0

Trust: 0.6

vendor:ciscomodel:aironet series access points mobility express softwarescope:eqversion:18108.5.105.0

Trust: 0.6

vendor:ciscomodel:mobility express softwarescope:eqversion:8.5.105.0

Trust: 0.3

vendor:ciscomodel:mobility express softwarescope:eqversion:8.5.103.0

Trust: 0.3

vendor:ciscomodel:mobility express softwarescope:eqversion:8.5

Trust: 0.3

vendor:ciscomodel:mobility express softwarescope:eqversion:8.4.100.0

Trust: 0.3

vendor:ciscomodel:mobility express softwarescope:eqversion:8.4

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18508.5(103.0)

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18508.4(100.0)

Trust: 0.3

vendor:ciscomodel:aironet series access pointscope:eqversion:18500

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18300

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18100

Trust: 0.3

vendor:ciscomodel:mobility express softwarescope:neversion:8.5.110.0

Trust: 0.3

sources: CNVD: CNVD-2018-08990 // BID: 104081 // JVNDB: JVNDB-2018-004906 // CNNVD: CNNVD-201805-090 // NVD: CVE-2018-0234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0234
value: HIGH

Trust: 1.0

NVD: CVE-2018-0234
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-08990
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201805-090
value: HIGH

Trust: 0.6

VULHUB: VHN-118436
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0234
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-08990
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118436
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0234
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08990 // VULHUB: VHN-118436 // JVNDB: JVNDB-2018-004906 // CNNVD: CNNVD-201805-090 // NVD: CVE-2018-0234

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118436 // JVNDB: JVNDB-2018-004906 // NVD: CVE-2018-0234

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-090

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 104081 // CNNVD: CNNVD-201805-090

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:cisco:aironet_access_point_software"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2018-004906

PATCH

title:cisco-sa-20180502-ap-ptpurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-ptp

Trust: 0.8

title:CiscoAironet has a patch for the Denial of Service Vulnerability (CNVD-2018-08990)url:https://www.cnvd.org.cn/patchInfo/show/128205

Trust: 0.6

title:Cisco Aironet 1810 , 1830 and 1850 Series Access Points Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79826

Trust: 0.6

sources: CNVD: CNVD-2018-08990 // JVNDB: JVNDB-2018-004906 // CNNVD: CNNVD-201805-090

EXTERNAL IDS

db:NVDid:CVE-2018-0234

Trust: 3.4

db:BIDid:104081

Trust: 2.6

db:SECTRACKid:1040820

Trust: 2.3

db:JVNDBid:JVNDB-2018-004906

Trust: 0.8

db:CNNVDid:CNNVD-201805-090

Trust: 0.7

db:CNVDid:CNVD-2018-08990

Trust: 0.6

db:AUSCERTid:ESB-2019.3874

Trust: 0.6

db:VULHUBid:VHN-118436

Trust: 0.1

sources: CNVD: CNVD-2018-08990 // VULHUB: VHN-118436 // BID: 104081 // JVNDB: JVNDB-2018-004906 // CNNVD: CNNVD-201805-090 // NVD: CVE-2018-0234

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-airo-pptp-dos

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-ap-ptp

Trust: 2.0

url:http://www.securityfocus.com/bid/104081

Trust: 1.7

url:http://www.securitytracker.com/id/1040820

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0234

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0234

Trust: 0.8

url:https://securitytracker.com/id/1040820

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-airo-unauth-access

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-airo-dos

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3874/

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2018-08990 // VULHUB: VHN-118436 // BID: 104081 // JVNDB: JVNDB-2018-004906 // CNNVD: CNNVD-201805-090 // NVD: CVE-2018-0234

CREDITS

Simon Lockhart of CableCom Networking.

Trust: 0.3

sources: BID: 104081

SOURCES

db:CNVDid:CNVD-2018-08990
db:VULHUBid:VHN-118436
db:BIDid:104081
db:JVNDBid:JVNDB-2018-004906
db:CNNVDid:CNNVD-201805-090
db:NVDid:CVE-2018-0234

LAST UPDATE DATE

2024-11-23T22:26:23.566000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-08990date:2018-05-07T00:00:00
db:VULHUBid:VHN-118436date:2019-10-09T00:00:00
db:BIDid:104081date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-004906date:2018-06-29T00:00:00
db:CNNVDid:CNNVD-201805-090date:2019-10-18T00:00:00
db:NVDid:CVE-2018-0234date:2024-11-21T03:37:47.230

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-08990date:2018-05-07T00:00:00
db:VULHUBid:VHN-118436date:2018-05-02T00:00:00
db:BIDid:104081date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-004906date:2018-06-29T00:00:00
db:CNNVDid:CNNVD-201805-090date:2018-05-02T00:00:00
db:NVDid:CVE-2018-0234date:2018-05-02T22:29:00.323