CVE-2017-12283

A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device, aka Denial of Service. The vulnerability exists because the affected device does not properly validate 802.11w PAF disassociation and deauthentication frames that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PAF frame from a valid, authenticated client on an adjacent network to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device. This vulnerability affects Access Points that are configured to run in FlexConnect mode. Cisco Bug IDs: CSCvc20627.

CVSS v3 6.1 MEDIUM
CVSS v2.0 2.9 LOW

6.1^/10

CVSS v3 : MEDIUM

Vector : AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability : 1.6 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

2.9^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 5.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/101645	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039718	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet4	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:aironet_3800_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:aironet_3800e:-:::::::*
	cpe:2.3:h:cisco:aironet_3800i:-:::::::*
	cpe:2.3:h:cisco:aironet_3800p:-:::::::*

History

No history.

Information

Published : 2017-11-02 16:29

Updated : 2024-02-28 16:04

NVD link : CVE-2017-12283

Mitre link : CVE-2017-12283

CVE.ORG link : CVE-2017-12283

JSON object : View

Products Affected

cisco

aironet_3800_firmware
aironet_3800p
aironet_3800i
aironet_3800e

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2017-12283", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.9, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 1.6}]}, "published": "2017-11-02T16:29:00.677", "references": [{"url": "http://www.securityfocus.com/bid/101645", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1039718", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet4", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device, aka Denial of Service. The vulnerability exists because the affected device does not properly validate 802.11w PAF disassociation and deauthentication frames that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PAF frame from a valid, authenticated client on an adjacent network to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device. This vulnerability affects Access Points that are configured to run in FlexConnect mode. Cisco Bug IDs: CSCvc20627."}, {"lang": "es", "value": "Una vulnerabilidad en la gesti\u00f3n de 802.11w Protected Management Frames (PAF) por parte de Cisco Aironet 3800 Series Access Points podr\u00eda permitir que un atacante adyacente sin autenticar que finalice una conexi\u00f3n v\u00e1lida de un usuario a un dispositivo afectado. Esto tambi\u00e9n se conoce como denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad existe porque el dispositivo afectado no valida correctamente las tramas de desautenticaci\u00f3n y desasociaci\u00f3n 802.11w PAF que recibe. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una trama 802.11w PAF falsa desde un cliente v\u00e1lido autenticado en una red adyacente al dispositivo afectado. Un exploit exitoso podr\u00eda permitir que el atacante finalice una conexi\u00f3n v\u00e1lida de un usuario al dispositivo afectado. La vulnerabilidad afecta a los puntos de acceso que est\u00e1n configurados para ejecutarse en modo FlexConnect. Cisco Bug IDs: CSCvc20627."}], "lastModified": "2019-10-09T23:22:50.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_3800_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFFE3575-DDAF-433E-8D77-4CCADADC99B9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10D7583E-2B61-40F1-B9A6-701DA08F8CDF"}, {"criteria": "cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "945DDBE7-6233-416B-9BEE-7029F047E298"}, {"criteria": "cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0ED89428-750C-4C26-B2A1-E3D63F8B3F44"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}