Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2017-12283
HistoryNov 02, 2017 - 4:29 p.m.

CVE-2017-12283

2017-11-0216:29:00
CWE-119
cisco
web.nvd.nist.gov
44
cve-2017-12283
cisco aironet
access points
802.11w
denial of service
vulnerability
flexconnect mode
nvd
security

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON

A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device, aka Denial of Service. The vulnerability exists because the affected device does not properly validate 802.11w PAF disassociation and deauthentication frames that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PAF frame from a valid, authenticated client on an adjacent network to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device. This vulnerability affects Access Points that are configured to run in FlexConnect mode. Cisco Bug IDs: CSCvc20627.

Affected configurations

Nvd
Node
ciscoaironet_3800_firmwareMatch-
AND
ciscoaironet_3800eMatch-
OR
ciscoaironet_3800iMatch-
OR
ciscoaironet_3800pMatch-
VendorProductVersionCPE
ciscoaironet_3800_firmware-cpe:2.3:o:cisco:aironet_3800_firmware:-:*:*:*:*:*:*:*
ciscoaironet_3800e-cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*
ciscoaironet_3800i-cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*
ciscoaironet_3800p-cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Aironet 3800 Series Access Points",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Aironet 3800 Series Access Points"
      }
    ]
  }
]

Related

nvd 1
openvas 1
cvelist 1
prion 1
cisco 1
nvd
nvd
CVE-2017-12283
2017-11-02 16:29:00
openvas
openvas
Cisco Aironet Access Points Protected Management Frames User Denial of Service Vulnerability
2017-11-02 00:00:00
cvelist
cvelist
CVE-2017-12283
2017-11-02 16:00:00
prion
prion
Design/Logic Flaw
2017-11-02 16:29:00
cisco
cisco
Cisco Aironet 3800 Series Access Points Protected Management Frames User Denial of Service Vulnerability
2017-11-01 16:00:00

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON
Related for CVE-2017-12283
nvd1openvas1cvelist1prion1cisco1