Vulnerability CVE-2006-0354

Vulnerability CVE-2006-0354

Published: 2006-01-22 Modified: 2012-02-12

Description:

Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644.

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	Access Point Memory Exhaustion from ARP Attacks	CISCO	13.01.2006

CVSS2 => (AV:A/AC:L/Au:S/C:N/I:N/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5.5/10	6.9/10	5.1/10

Exploit range	Attack complexity	Authentication
Adjacent network	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
None	None	Complete

Affected software
Cisco -> Aironet ap1100
Cisco -> Aironet ap1130ag
Cisco -> Aironet ap1200
Cisco -> Aironet ap1230ag
Cisco -> Aironet ap1240ag
Cisco -> Aironet ap1300
Cisco -> Aironet ap1400
Cisco -> Aironet ap350

References:

http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5680

http://securityreason.com/securityalert/339

http://securitytracker.com/id?1015483

http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtml

http://www.securityfocus.com/bid/16217

http://www.vupen.com/english/advisories/2006/0176

https://exchange.xforce.ibmcloud.com/vulnerabilities/24086

Copyright 2024, cxsecurity.com