Sign-up

ID

VAR-201808-0300


CVE

CVE-2018-0415


TITLE

Cisco Small Business 100 Series and Small Business 300 Series wireless access point error handling vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-009157

DESCRIPTION

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. Cisco Bug IDs: CSCvj97472. Vendors have confirmed this vulnerability Bug ID CSCvj97472 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. A denial of service vulnerability exists in the implementation of the ExtensibleAuthenticationProtocoloverLAN (EAPOL) feature in CiscoSmallBusiness100SeriesWirelessAccessPoints and SmallBusiness300SeriesWirelessAccessPoints, which stems from a program not properly processing EAPOL frames. Multiple Cisco Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition

Trust: 2.52

sources: NVD: CVE-2018-0415 // JVNDB: JVNDB-2018-009157 // CNVD: CNVD-2018-16178 // BID: 105116 // VULHUB: VHN-118617

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-16178

AFFECTED PRODUCTS

vendor:ciscomodel:wap121scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap131scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap150scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap361scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap125scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap321scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap371scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap351scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap121scope: - version: -

Trust: 0.8

vendor:ciscomodel:wap125scope: - version: -

Trust: 0.8

vendor:ciscomodel:wap131scope: - version: -

Trust: 0.8

vendor:ciscomodel:wap150scope: - version: -

Trust: 0.8

vendor:ciscomodel:wap321scope: - version: -

Trust: 0.8

vendor:ciscomodel:wap351scope: - version: -

Trust: 0.8

vendor:ciscomodel:wap361scope: - version: -

Trust: 0.8

vendor:ciscomodel:wap371scope: - version: -

Trust: 0.8

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:100

Trust: 0.6

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:300

Trust: 0.6

vendor:ciscomodel:wap125scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:wap121scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:wap131scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:wap361scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:wap150scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:wap371scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:wap351scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:wap321scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:3000

Trust: 0.3

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:1000

Trust: 0.3

sources: CNVD: CNVD-2018-16178 // BID: 105116 // JVNDB: JVNDB-2018-009157 // CNNVD: CNNVD-201808-459 // NVD: CVE-2018-0415

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0415
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0415
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-16178
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201808-459
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118617
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0415
severity: MEDIUM
baseScore: 5.5
vectorString: AV:A/AC:L/AU:S/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-16178
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118617
severity: MEDIUM
baseScore: 5.5
vectorString: AV:A/AC:L/AU:S/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0415
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-16178 // VULHUB: VHN-118617 // JVNDB: JVNDB-2018-009157 // CNNVD: CNNVD-201808-459 // NVD: CVE-2018-0415

PROBLEMTYPE DATA

problemtype:CWE-388

Trust: 1.9

sources: VULHUB: VHN-118617 // JVNDB: JVNDB-2018-009157 // NVD: CVE-2018-0415

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201808-459

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201808-459

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009157

PATCH
title:cisco-sa-20180815-csb-wap-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-csb-wap-dos
Trust: 0.8
title:Patch for CiscoSmallBusiness100SeriesWirelessAccessPoints and SmallBusiness300SeriesWirelessAccessPoints Denial of Service Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/138281
Trust: 0.6
title:Cisco Small Business 100 Series Wireless Access Points  and Small Business 300 Series Wireless Access Points Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83759
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-16178 // 
            
            
            
            JVNDB: JVNDB-2018-009157 // 
            
            
            
            CNNVD: CNNVD-201808-459

EXTERNAL IDS
db:NVDid:CVE-2018-0415
Trust: 3.4
db:BIDid:105116
Trust: 2.6
db:JVNDBid:JVNDB-2018-009157
Trust: 0.8
db:CNNVDid:CNNVD-201808-459
Trust: 0.7
db:CNVDid:CNVD-2018-16178
Trust: 0.6
db:VULHUBid:VHN-118617
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-16178 // 
            
            
            
            VULHUB: VHN-118617 // 
            
            
            
            BID: 105116 // 
            
            
            
            JVNDB: JVNDB-2018-009157 // 
            
            
            
            CNNVD: CNNVD-201808-459 // 
            
            
            
            NVD: CVE-2018-0415

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180815-csb-wap-dos
Trust: 2.0
url:http://www.securityfocus.com/bid/105116
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-0415
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0415
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-16178 // 
            
            
            
            VULHUB: VHN-118617 // 
            
            
            
            BID: 105116 // 
            
            
            
            JVNDB: JVNDB-2018-009157 // 
            
            
            
            CNNVD: CNNVD-201808-459 // 
            
            
            
            NVD: CVE-2018-0415

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 105116

SOURCES
db:CNVDid:CNVD-2018-16178
db:VULHUBid:VHN-118617
db:BIDid:105116
db:JVNDBid:JVNDB-2018-009157
db:CNNVDid:CNNVD-201808-459
db:NVDid:CVE-2018-0415

LAST UPDATE DATE
2024-11-23T22:48:35.859000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-16178date:2018-08-25T00:00:00
db:VULHUBid:VHN-118617date:2019-10-09T00:00:00
db:BIDid:105116date:2018-08-15T00:00:00
db:JVNDBid:JVNDB-2018-009157date:2018-11-09T00:00:00
db:CNNVDid:CNNVD-201808-459date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0415date:2024-11-21T03:38:10.883

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-16178date:2018-08-24T00:00:00
db:VULHUBid:VHN-118617date:2018-08-15T00:00:00
db:BIDid:105116date:2018-08-15T00:00:00
db:JVNDBid:JVNDB-2018-009157date:2018-11-09T00:00:00
db:CNNVDid:CNNVD-201808-459date:2018-08-16T00:00:00
db:NVDid:CVE-2018-0415date:2018-08-15T20:29:00.893