CVE-2018-0441

Published Oct 17, 2018

Last updated 4 days ago

CVSS high 7.4

Overview

Description: A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by specific roaming events. This corruption will eventually cause a timer crash. An attacker could exploit this vulnerability by sending malicious reassociation events multiple times to the same AP in a short period of time, causing a DoS condition on the affected AP.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.4
Impact score: 4
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.1
Impact score: 6.9
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

ykramarz@cisco.com: CWE-400
nvd@nist.gov: CWE-400

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:access_points:8.0\\(140.0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A2819B0-F330-4842-A71E-B0BADF999FEF"
          },
          {
            "criteria": "cpe:2.3:o:cisco:access_points:8.2\\(141.0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E8217BA-0CEC-4E93-853E-EE86C2118954"
          },
          {
            "criteria": "cpe:2.3:o:cisco:access_points:8.2\\(151.0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F92DE6E7-FFCA-4206-8C40-124A243778A9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:access_points:8.3\\(102.0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67AA1EAD-5FD9-44F0-836E-16D93E7D8D02"
          },
          {
            "criteria": "cpe:2.3:o:cisco:access_points:8.3\\(112.0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32A6643B-AAB1-4D92-82CE-1F369FDFB796"
          },
          {
            "criteria": "cpe:2.3:o:cisco:access_points:8.3\\(114.74\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D16FE04-C08A-44B8-9EB3-D6C1E2E117DB"
          },
          {
            "criteria": "cpe:2.3:o:cisco:access_points:15.3\\(3\\)jd:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AF5D480-A6E6-4933-BDA8-782C71D8EA67"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27B3BAA1-C708-40E2-8C2F-42EA78825B8D",
            "versionEndExcluding": "8.3.140.0"
          },
          {
            "criteria": "cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19F09BB9-D027-40C7-8D49-3AEC96C530EA",
            "versionEndExcluding": "8.5.110.0",
            "versionStartIncluding": "8.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References