Cisco Aironet 1800/Aironet 2800/Aironet 3800 up to 8.4.100.0 PPTP input validation

Summaryinfo

A vulnerability was found in Cisco Aironet 1800, Aironet 2800 and Aironet 3800 up to 8.4.100.0. It has been rated as problematic. This vulnerability affects unknown code of the component PPTP. Performing a manipulation results in input validation. This vulnerability is known as CVE-2018-0234. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in Cisco Aironet 1800, Aironet 2800 and Aironet 3800 up to 8.4.100.0 (Wireless LAN Software). It has been classified as problematic. This affects an unknown function of the component PPTP. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. This is going to have an impact on availability. The summary by CVE is:

A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected access point. An attacker could exploit this vulnerability by initiating a PPTP connection to an affected access point from a device that is registered to the same wireless network as the access point and sending a malicious GRE frame through the data plane of the access point. A successful exploit could allow the attacker to cause the NSS core process on the affected access point to crash, which would cause the access point to reload and result in a DoS condition. This vulnerability affects Cisco Aironet 1810, 1830, and 1850 Series Access Points that are running Cisco Mobility Express Software Release 8.4.100.0, 8.5.103.0, or 8.5.105.0 and are configured as a master, subordinate, or standalone access point. Cisco Bug IDs: CSCvf73890.

The bug was discovered 05/02/2018. The weakness was published 05/02/2018 as cisco-sa-20180502-ap-ptp as confirmed advisory (Website). The advisory is shared at tools.cisco.com. This vulnerability is uniquely identified as CVE-2018-0234 since 11/27/2017. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Neither technical details nor an exploit are publicly available.

The vulnerability scanner Nessus provides a plugin with the ID 109728 (Cisco Wireless LAN Controller Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context c.

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the databases at Tenable (109728) and SecurityFocus (BID 104081†). Similar entries are available at VDB-117284, VDB-117286 and VDB-117291. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Wireless LAN Software

Vendor

• Cisco

Name

• Aironet 1800
• Aironet 2800
• Aironet 3800

Version

• 8.4.100

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion