SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco Aironet Vendors:   Cisco
Cisco Aironet EAP Frame Processing Bug Lets Remote Users Cause the Target System to Reload
SecurityTracker Alert ID:  1039715
SecurityTracker URL:  http://securitytracker.com/id/1039715
CVE Reference:   CVE-2017-12274   (Links to External Site)
Date:  Nov 1 2017
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1560, 2800, and 3800 Series
Description:   A vulnerability was reported in Cisco Aironet. A remote user on the wireless network can cause the target system to reload.

A remote user on the wireless network can send a specially crafted Extensible Authentication Protocol (EAP) frame to the target device to trigger an input validation flaw and cause the target access point to reload.

A manual power reset may be required to return the system to normal operations.

The vendor has assigned bug ID CSCve18935 to this vulnerability.

This vulnerability was found during internal security testing.

Impact:   A remote user on the layer 2 wireless network can cause the target system to reload.

A manual power reset may be required to return the system to normal operations.

Solution:   The vendor has issued a fix (8.0.152.0, 8.2.164.0, 8.3.132.0, 8.4.100.0, future version 8.5.105.0).

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet2

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet2 (Links to External Site)
Cause:   Input validation error

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet2

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC