CVE-2016-6361

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.8%

top 25.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Aironet Access Point Software

Timeline

PublishedAug 22

Latest updateMay 17

Description

The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/aironet_access_point_software7 versions+6

🔴Vulnerability Details

GHSA

GHSA-hc4m-q63q-6fc3: The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8↗2022-05-17

▶

CVEList

CVE-2016-6361: The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8↗2016-08-22

▶

📋Vendor Advisories

Cisco

Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms AMPDU Denial of Service Vulnerability↗2016-08-17

▶