Cisco Aironet DHCP Denial of Service Vulnerability

A vulnerability in the DHCP subsystem of Cisco Aironet access points could allow an unauthenticated, adjacent attacker to create a denial of service condition.

The vulnerability is due to an error condition that may occur when very short DHCP leases are in use. If an attacker can prevent the access point from renewing its lease, the device may restart after unsuccessful DHCP Renew attempts in an effort to reestablish network connectivity. The expected behavior is that the network interface would restart but not the device.

This vulnerability was reported to Cisco by Maxim Salomon and Timo Warns of Airbus Operations GmbH.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker must be on the same collision or broadcast domain as the targeted device. This access requirement may reduce the possibility of successful exploit attempts.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.