← Back

CVE-2018-0441

nvd nist
Published: Oct 17, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.4
Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 4.0
Source: NVD

Description

A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by specific roaming events. This corruption will eventually cause a timer crash. An attacker could exploit this vulnerability by sending malicious reassociation events multiple times to the same AP in a short period of time, causing a DoS condition on the affected AP.

Affected (9)

Products: Cisco: Access Points
Cisco
1 product
Access Points
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Access Points
Version 15.3(3)jd
Access Points
Version 8.0(140.0)
Access Points
Version 8.2(141.0)
Access Points
Version 8.2(151.0)
Access Points
Version 8.3(102.0)
Access Points
Version 8.3(112.0)
Access Points
Version 8.3(114.74)
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Access Points
Before 8.3.140.0
Access Points
From 8.4 to 8.5.110.0

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.