CVE-2021-1439
7.4
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 4.0
Source: NVD
Description
A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS traffic. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device through a wireless network that is configured in FlexConnect local switching mode or through a wired network on a configured mDNS VLAN. A successful exploit could allow the attacker to cause the access point (AP) to reboot, resulting in a DoS condition.
Affected (2)
Products: Cisco: Aironet Access Point Software, Catalyst 9800 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Cisco 1100 Integrated Services Router | All versions |
Cisco Aironet 1540 | All versions |
Cisco Aironet 1560 | All versions |
Cisco Aironet 1800 | All versions |
Cisco Aironet 2800 | All versions |
Cisco Aironet 3800 | All versions |
Cisco Aironet 4800 | All versions |
Cisco Catalyst 9100 | All versions |
Cisco Catalyst Iw6300 | All versions |
Cisco Esw6300 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From 17.1 to 17.3.3 |
| Running on/with | Platform Versions |
|---|---|
Cisco Catalyst 9800 | All versions |
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.