Cisco Aironet Wireless Devices Can Be Crashed By Remote Users
|
|
SecurityTracker Alert ID: 1007317
|
|
CVE Reference: CAN-2003-0511
|
Date: Jul 28 2003
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: VIGILANTe
|
Version(s): prior to 12.2(11)JA1; 1100, 1200, 1400 Model numbers
|
Description: A denial of service vulnerability was reported in the Cisco Aironet (AP1100, AP1200, AP1400) wireless devices. A remote user can cause the device to crash and reboot.
VIGILANTe reported that if the HTTP server feature is enabled on a Cisco Aironet Access Point, a remote user can submit a specially crafted HTTP request to cause the system to crash and reboot.
According to Cisco, the following firmware versions are affected:
Cisco Aironet Wireless Access Point AP1100 series
12.2(4)JA, 12.2(4)JA1, 12.2(8)JA, 12.2(11)JA
Cisco Aironet Wireless Access Point AP1200 series
12.2(8)JA, 12.2(11)JA
Cisco Aironet Wireless Bridge AP1400 series
12.2(11)JA
According to the report, Cisco Aironet Wireless Devices based on VxWorks are not affected.
VIGILANTe credits Reda Zitouni with discovery.
The vendor was reportedly notified on June 19, 2003.
|
Impact: A remote user can cause the device to crash and reload.
|
Solution: According to VIGILANTe, a patch (c1100-k9w7) for the Aironet IOS version was reportedly released on July 3, 2003. Cisco reports that the fixed version number is 12.2(11)JA1.
The vendor's advisory describes two potential workarounds. The vendor's advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20030728-ap1x00.shtml
|
Vendor URL: www.cisco.com/warp/public/707/cisco-sa-20030728-ap1x00.shtml
|
Cause: Exception handling error
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 28 Jul 2003 12:27:03 -0400
Subject: Cisco Aironet AP1100 Crash Through HTTP Request Vulnerability
|
http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm
Versions: Cisco Aironet AP1100 Model 1120B Series; Firmware 12.2(4)JA and earlier.
CVE: CAN-2003-0511
VIGILANTe reported that if the HTTP server feature is enabled on a Cisco Aironet Access
Point, a remote user can submit a specially crafted HTTP request to cause the system to
crash and reboot.
According to Cisco, the following firmware versions are affected:
Cisco Aironet Wireless Access Point AP1100 series
12.2(4)JA, 12.2(4)JA1, 12.2(8)JA, 12.2(11)JA
Cisco Aironet Wireless Access Point AP1200 series
12.2(8)JA, 12.2(11)JA
Cisco Aironet Wireless Bridge AP1400 series
12.2(11)JA
According to the report, Cisco Aironet Wireless Devices based on VxWorks are not affected.
The vendor was reportedly notified on June 19, 2003.
A patch (c1100-k9w7) for the Aironet IOS version was reportedly released on July 3, 2003.
The vendor's advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20030728-ap1x00.shtml
VIGILANTe credits Reda Zitouni with discovery.