CVE-2018-0234

CWE-20Improper Input Validation4 documents4 sources
Severity
8.6HIGH
EPSS
1.2%
top 21.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Aironet Access Point Software
Timeline
PublishedMay 2
Latest updateMay 13

Description

A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected access point. An attacker could exploit this vulnerability by

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages1 packages

NVDcisco/aironet_access_point_software8.4\(100.0\), 8.5\(103.0\), 8.5\(105.0\)+2

🔴Vulnerability Details

2
GHSA
GHSA-h937-x287-5g89: A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Po2022-05-13
CVEList
CVE-2018-0234: A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Po2018-05-02

📋Vendor Advisories

1
Cisco
Cisco Aironet 1810, 1830, and 1850 Series Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability2018-05-02
CVE-2018-0234 (HIGH CVSS 8.6) | A vulnerability in the implementati | cvebase.io