Vulnslist

find the latest Cisco vulnerabilities

Cisco IOS Software for Cisco Aironet Access Points Information Disclosure Vulnerability

cisco-sa-20171101-iosap · Medium · Published · Updated

A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks that are performed by the affected device when the device adds padding to egress packets. An attacker could exploit this vulnerability by sending a crafted IP packet to an affected device. A successful exploit could allow the attacker to retrieve content from memory on the affected device, which could lead to the disclosure of confidential information. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-iosap

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-12279
Cisco Bug IDsCSCvc21581
CVSS ScoreBase 4.3
Base 4.3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Aironet Access Point Software

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2017-12279 Cisco OpenVuln
Cisco IOS Software CVE-2017-12279 Cisco OpenVuln
Cisco IOS CVE-2017-12279 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2017-12279 Cisco OpenVuln