A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS traffic. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device through a wireless network that is configured in FlexConnect local switching mode or through a wired network on a configured mDNS VLAN. A successful exploit could allow the attacker to cause the access point (AP) to reboot, resulting in a DoS condition.
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-mdns-dos-E6KwYuMx | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
No history.
Information
Published : 2021-03-24 20:15
Updated : 2024-02-28 18:08
NVD link : CVE-2021-1439
Mitre link : CVE-2021-1439
CVE.ORG link : CVE-2021-1439
JSON object : View
Products Affected
cisco
- catalyst_9800
- aironet_access_point_software
- aironet_2800
- aironet_1800
- catalyst_9800_firmware
- aironet_4800
- catalyst_iw6300
- esw6300
- 1100_integrated_services_router
- aironet_1560
- aironet_3800
- aironet_1540
- catalyst_9100
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')