Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2018-0381
HistoryOct 17, 2018 - 10:29 p.m.

CVE-2018-0381

2018-10-1722:29:00
CWE-400
CWE-667
[email protected]
web.nvd.nist.gov
25
cisco
aironet
access points
vulnerability
dos
cve-2018-0381

5.5 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:N/I:N/A:C

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.8%

JSON

A vulnerability in the Cisco Aironet Series Access Points (APs) software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a deadlock condition that may occur when an affected AP attempts to dequeue aggregated traffic that is destined to an attacker-controlled wireless client. An attacker who can successfully transition between multiple Service Set Identifiers (SSIDs) hosted on the same AP while replicating the required traffic patterns could trigger the deadlock condition. A watchdog timer that detects the condition will trigger a reload of the device, resulting in a DoS condition while the device restarts.

Affected configurations

NVD
Node
ciscoaironet_access_pointsMatch8.2\(166.0\)
OR
ciscoaironet_access_pointsMatch8.2\(167.3\)
OR
ciscoaironet_access_pointsMatch8.3\(133.0\)
OR
ciscoaironet_access_pointsMatch8.3\(141.10\)
OR
ciscoaironet_access_pointsMatch8.5\(120.0\)
OR
ciscoaironet_access_pointsMatch8.7\(1.96\)
OR
ciscoaironet_access_pointsMatch8.7\(1.99\)
OR
ciscoaironet_access_pointsMatch8.7\(1.107\)

CNA Affected

[
  {
    "product": "Cisco Aironet Access Points ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "8.2"
      },
      {
        "status": "affected",
        "version": "8.3"
      },
      {
        "status": "affected",
        "version": "8.5"
      },
      {
        "status": "affected",
        "version": "8.7"
      }
    ]
  }
]

Related

nvd 1
cisco 1
prion 1
cvelist 1
nvd
nvd
CVE-2018-0381
2018-10-17 22:29:00
cisco
cisco
Cisco Aironet 1560, 1800, 2800, and 3800 Series Access Points Denial of Service Vulnerability
2018-10-17 16:00:00
prion
prion
Race condition
2018-10-17 22:29:00
cvelist
cvelist
CVE-2018-0381 Cisco Aironet 1560, 1800, 2800, and 3800 Series Access Points Denial of Service Vulnerability
2018-10-17 00:00:00

5.5 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:N/I:N/A:C

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.8%

JSON
Related for CVE-2018-0381
nvd1cisco1prion1cvelist1