Vulnerability Description
A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient frame validation of the 802.11 association request. An attacker could exploit this vulnerability by sending a malformed 802.11 association request to the targeted device. An exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve12189.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Aironet 1562 Firmware | - |
| Cisco | Aironet 1562D | - |
| Cisco | Aironet 1562E | - |
| Cisco | Aironet 1562I | - |
| Cisco | Aironet 2800 Firmware | - |
| Cisco | Aironet 2800E | - |
| Cisco | Aironet 2800I | - |
| Cisco | Aironet 3800 Firmware | - |
| Cisco | Aironet 3800E | - |
| Cisco | Aironet 3800I | - |
| Cisco | Aironet 3800P | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101655Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039714Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/101655Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039714Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2017-12273?
CVE-2017-12273 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent att...
How severe is CVE-2017-12273?
CVE-2017-12273 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12273?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Aironet 1562 Firmware, Cisco Aironet 1562D, Cisco Aironet 1562E, Cisco Aironet 1562I, Cisco Aironet 2800 Firmware.