Vulnslist

find the latest Cisco vulnerabilities

Cisco Mobility Express 2800 and 3800 802.11 Denial of Service Vulnerability

cisco-sa-20170118-cme1 · Medium · Published · Updated

A vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. The vulnerability is due to lack of proper error handling when the 802.11 frame is received with an unexpected status code. An attacker could exploit this vulnerability by sending a crafted 802.11 frame to the targeted device. An exploit could allow the attacker to impact the availability of the device due to the connection table being filled with invalid connections. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2016-9220
Cisco Bug IDsCSCvb66659
CVSS ScoreBase 4.3
Base 4.3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X
Product Names From Source
Cisco Aironet Access Point Software

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2016-9220 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2016-9220 Cisco OpenVuln
Cisco Mobility Express CVE-2016-9220 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2016-9220 Cisco OpenVuln