CVE-2006-0354
published 2006-01-22CVE-2006-0354: Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet…
PriorityP426medium5.5CVSS 2.0
AVAACLAuSCNINAC
EXPLOIT
EPSS
10.25%
95.1th percentile
Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Access Point Memory Exhaustion from ARP Attacks
vendor_cisco·2006-01-12
CVE-2006-0354 CWE-399 Access Point Memory Exhaustion from ARP Attacks
Access Point Memory Exhaustion from ARP Attacks
A vulnerability exists in Cisco Aironet Wireless Access Points (AP)
running IOS which may allow a malicious user to send a crafted attack via IP
address Resolution Protocol (ARP) to the Access point which will cause the
device to stop passing traffic and/or drop user connections.
Repeated exploitation of this vulnerability will create a sustained
DoS (denial of service).
Cisco has made free software available to address this vulnerability
for affected customers. There are workarounds available to mitigate the effects
of the vulnerability.
This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060112-wireless.
Cisco
Access Point Memory Exhaustion from ARP Attacks
vendor_cisco
CVE-2006-0354 Access Point Memory Exhaustion from ARP Attacks
CVE-2006-0354: Access Point Memory Exhaustion from ARP Attacks
A vulnerability exists in Cisco Aironet Wireless Access Points (AP) running IOS which may allow a malicious user to send a crafted attack via IP address Resolution Protocol (ARP) to the Access point which will cause the device to stop passing traffic and/or drop user connections. Repeated exploitation of this vulnerability will create a sustained DoS (denial of service). Cisco has made free software available to address this vulnerability for affected customers. There are
CWE: CWE-399, CWE-399
Bug IDs: CSCsc16644
GHSA
GHSA-jccp-q6rh-8v47: Cisco IOS before 12
ghsa_unreviewed·2022-05-01
CVE-2006-0354 [MEDIUM] GHSA-jccp-q6rh-8v47: Cisco IOS before 12
Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644.
No detection rules found.
http://secunia.com/advisories/18430http://securityreason.com/securityalert/339http://securitytracker.com/id?1015483http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtmlhttp://www.osvdb.org/22375http://www.securityfocus.com/bid/16217http://www.vupen.com/english/advisories/2006/0176https://exchange.xforce.ibmcloud.com/vulnerabilities/24086https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5680http://secunia.com/advisories/18430http://securityreason.com/securityalert/339http://securitytracker.com/id?1015483http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtmlhttp://www.osvdb.org/22375http://www.securityfocus.com/bid/16217http://www.vupen.com/english/advisories/2006/0176https://exchange.xforce.ibmcloud.com/vulnerabilities/24086https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5680
2006-01-22
Published