Vulnerability CVE-2006-0354


Published: 2006-01-22   Modified: 2012-02-12

Description:
Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Access Point Memory Exhaustion from ARP Attacks
CISCO
13.01.2006

Vendor: Cisco
Product: Aironet ap1300 
Product: Aironet ap1100 
Product: Aironet ap350 
Product: Aironet ap1200 
Product: Aironet ap1240ag 
Product: Aironet ap1400 
Product: Aironet ap1130ag 
Product: Aironet ap1230ag 

CVSS2 => (AV:A/AC:L/Au:S/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.5/10
6.9/10
5.1/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5680
http://securityreason.com/securityalert/339
http://securitytracker.com/id?1015483
http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtml
http://www.securityfocus.com/bid/16217
http://www.vupen.com/english/advisories/2006/0176
https://exchange.xforce.ibmcloud.com/vulnerabilities/24086

Related CVE
CVE-2019-1915
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco U...
CVE-2019-15272
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerab...
CVE-2019-15259
A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that ar...
CVE-2019-15256
A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an aff...
CVE-2019-12716
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attac...
CVE-2019-12715
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attac...
CVE-2019-12713
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected so...
CVE-2019-12712
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected so...

Copyright 2019, cxsecurity.com

 

Back to Top