CVE-2018-0415 — MEDIUM (6.8)

Q: How severe is CVE-2018-0415?

CVE-2018-0415 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-0415?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Wap121 Firmware, Cisco Wap121, Cisco Wap125 Firmware, Cisco Wap125, Cisco Wap131 Firmware.

Vulnerability Description

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. Cisco Bug IDs: CSCvj97472.

CVSS Score

6.8

MEDIUM

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Wap121 Firmware	<= 1.0.6.6
Cisco	Wap121	-
Cisco	Wap125 Firmware	<= 1.0.6.6
Cisco	Wap125	-
Cisco	Wap131 Firmware	<= 1.0.6.6
Cisco	Wap131	-
Cisco	Wap150 Firmware	<= 1.0.6.6
Cisco	Wap150	-
Cisco	Wap321 Firmware	<= 1.0.6.6
Cisco	Wap321	-
Cisco	Wap351 Firmware	<= 1.0.6.6
Cisco	Wap351	-
Cisco	Wap361 Firmware	<= 1.0.6.6
Cisco	Wap361	-
Cisco	Wap371 Firmware	<= 1.0.6.6
Cisco	Wap371	-

Related Weaknesses (CWE)

CWE-388

References

http://www.securityfocus.com/bid/105116Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/105116Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2018-0415?

CVE-2018-0415 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series...

How severe is CVE-2018-0415?

CVE-2018-0415 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-0415?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Wap121 Firmware, Cisco Wap121, Cisco Wap125 Firmware, Cisco Wap125, Cisco Wap131 Firmware.