ID

VAR-201810-0316


CVE

CVE-2018-0441


TITLE

Cisco IOS Access Points Software depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013820

DESCRIPTION

A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by specific roaming events. This corruption will eventually cause a timer crash. An attacker could exploit this vulnerability by sending malicious reassociation events multiple times to the same AP in a short period of time, causing a DoS condition on the affected AP. This issue is being tracked by Cisco Bug ID CSCve64652

Trust: 1.98

sources: NVD: CVE-2018-0441 // JVNDB: JVNDB-2018-013820 // BID: 105680 // VULHUB: VHN-118643

AFFECTED PRODUCTS

vendor:ciscomodel:access pointsscope:eqversion:8.2\(141.0\)

Trust: 1.0

vendor:ciscomodel:access pointsscope:eqversion:8.3\(102.0\)

Trust: 1.0

vendor:ciscomodel:access pointsscope:eqversion:8.2\(151.0\)

Trust: 1.0

vendor:ciscomodel:access pointsscope:ltversion:8.5.110.0

Trust: 1.0

vendor:ciscomodel:access pointsscope:eqversion:8.3\(112.0\)

Trust: 1.0

vendor:ciscomodel:access pointsscope:gteversion:8.4

Trust: 1.0

vendor:ciscomodel:access pointsscope:eqversion:8.0\(140.0\)

Trust: 1.0

vendor:ciscomodel:access pointsscope:eqversion:15.3\(3\)jd

Trust: 1.0

vendor:ciscomodel:access pointsscope:ltversion:8.3.140.0

Trust: 1.0

vendor:ciscomodel:access pointsscope:eqversion:8.3\(114.74\)

Trust: 1.0

vendor:ciscomodel:aironet series access pointsscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:industrial wireless access pointscope:eqversion:37020

Trust: 0.3

vendor:ciscomodel:ap803 integrated access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ap803 access point modulescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ap802 integrated access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ap802 access point modulescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 702w access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 702i access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:37000

Trust: 0.3

vendor:ciscomodel:aironet 3600i access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 3500i access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 3500e access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 2700e access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18000

Trust: 0.3

vendor:ciscomodel:aironet 1700i access pointsscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 1600i access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 1600e access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 1572ic outdoor access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 1572ec outdoor access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 1572eac outdoor access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 1552wu outdoor access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 1552s outdoor access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 1552i outdoor access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 1530i outdoor access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet 1530e outdoor access pointscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:aironet lightweight outdoor mesh access pointscope:eqversion:15240

Trust: 0.3

vendor:ciscomodel:aironet access pointscope:eqversion:12600

Trust: 0.3

vendor:ciscomodel:aironet access pointscope:eqversion:11400

Trust: 0.3

vendor:ciscomodel:aironet series access pointscope:eqversion:10400

Trust: 0.3

vendor:ciscomodel:lightweight outdoor mesh access pointscope:eqversion:15220

Trust: 0.3

sources: BID: 105680 // JVNDB: JVNDB-2018-013820 // NVD: CVE-2018-0441

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0441
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2018-0441
value: HIGH

Trust: 1.0

NVD: CVE-2018-0441
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-984
value: HIGH

Trust: 0.6

VULHUB: VHN-118643
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0441
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118643
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0441
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-118643 // JVNDB: JVNDB-2018-013820 // CNNVD: CNNVD-201810-984 // NVD: CVE-2018-0441 // NVD: CVE-2018-0441

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-118643 // JVNDB: JVNDB-2018-013820 // NVD: CVE-2018-0441

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201810-984

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201810-984

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013820

PATCH

title:cisco-sa-20181017-ap-ft-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-ap-ft-dos

Trust: 0.8

title:Cisco IOS Access Points Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86055

Trust: 0.6

sources: JVNDB: JVNDB-2018-013820 // CNNVD: CNNVD-201810-984

EXTERNAL IDS

db:NVDid:CVE-2018-0441

Trust: 2.8

db:BIDid:105680

Trust: 2.0

db:SECTRACKid:1041918

Trust: 1.7

db:JVNDBid:JVNDB-2018-013820

Trust: 0.8

db:CNNVDid:CNNVD-201810-984

Trust: 0.7

db:VULHUBid:VHN-118643

Trust: 0.1

sources: VULHUB: VHN-118643 // BID: 105680 // JVNDB: JVNDB-2018-013820 // CNNVD: CNNVD-201810-984 // NVD: CVE-2018-0441

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181017-ap-ft-dos

Trust: 2.0

url:http://www.securityfocus.com/bid/105680

Trust: 1.7

url:http://www.securitytracker.com/id/1041918

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0441

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0441

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118643 // BID: 105680 // JVNDB: JVNDB-2018-013820 // CNNVD: CNNVD-201810-984 // NVD: CVE-2018-0441

CREDITS

Cisco

Trust: 0.3

sources: BID: 105680

SOURCES

db:VULHUBid:VHN-118643
db:BIDid:105680
db:JVNDBid:JVNDB-2018-013820
db:CNNVDid:CNNVD-201810-984
db:NVDid:CVE-2018-0441

LAST UPDATE DATE

2024-08-14T13:27:32.525000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-118643date:2019-10-09T00:00:00
db:BIDid:105680date:2018-10-17T00:00:00
db:JVNDBid:JVNDB-2018-013820date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201810-984date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0441date:2019-10-09T23:32:05.397

SOURCES RELEASE DATE

db:VULHUBid:VHN-118643date:2018-10-17T00:00:00
db:BIDid:105680date:2018-10-17T00:00:00
db:JVNDBid:JVNDB-2018-013820date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201810-984date:2018-10-18T00:00:00
db:NVDid:CVE-2018-0441date:2018-10-17T22:29:00.550