CVE-2018-0441

{"id": "CVE-2018-0441", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2018-10-17T22:29:00.550", "references": [{"url": "http://www.securityfocus.com/bid/105680", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1041918", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-ap-ft-dos", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/105680", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1041918", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-ap-ft-dos", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by specific roaming events. This corruption will eventually cause a timer crash. An attacker could exploit this vulnerability by sending malicious reassociation events multiple times to the same AP in a short period of time, causing a DoS condition on the affected AP."}, {"lang": "es", "value": "Una vulnerabilidad en el conjunto de caracter\u00edsticas 802.11r Fast Transition en Cisco IOS Access Points (APs) Software podr\u00eda permitir que un atacante adyacente sin autenticar provoque una denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a la corrupci\u00f3n de ciertos mecanismos de temporizaci\u00f3n desencadenados por eventos concretos de roaming. Esta corrupci\u00f3n acabar\u00e1 provocando un cierre inesperado del temporizador. Un atacante podr\u00eda explotar esta vulnerabilidad enviando eventos maliciosos de reasociaci\u00f3n m\u00faltiples veces al mismo AP en un corto espacio de tiempo, lo que provoca una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el AP afectado."}], "lastModified": "2024-11-21T03:38:14.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:access_points:8.0\\(140.0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A2819B0-F330-4842-A71E-B0BADF999FEF"}, {"criteria": "cpe:2.3:o:cisco:access_points:8.2\\(141.0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E8217BA-0CEC-4E93-853E-EE86C2118954"}, {"criteria": "cpe:2.3:o:cisco:access_points:8.2\\(151.0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F92DE6E7-FFCA-4206-8C40-124A243778A9"}, {"criteria": "cpe:2.3:o:cisco:access_points:8.3\\(102.0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67AA1EAD-5FD9-44F0-836E-16D93E7D8D02"}, {"criteria": "cpe:2.3:o:cisco:access_points:8.3\\(112.0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32A6643B-AAB1-4D92-82CE-1F369FDFB796"}, {"criteria": "cpe:2.3:o:cisco:access_points:8.3\\(114.74\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D16FE04-C08A-44B8-9EB3-D6C1E2E117DB"}, {"criteria": "cpe:2.3:o:cisco:access_points:15.3\\(3\\)jd:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AF5D480-A6E6-4933-BDA8-782C71D8EA67"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27B3BAA1-C708-40E2-8C2F-42EA78825B8D", "versionEndExcluding": "8.3.140.0"}, {"criteria": "cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19F09BB9-D027-40C7-8D49-3AEC96C530EA", "versionEndExcluding": "8.5.110.0", "versionStartIncluding": "8.4"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}