CVE-2018-0441
published 2018-10-17CVE-2018-0441: A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause…
high7.4CVSS 3.0
AVAACLPRNUINSCCNINAH
A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by specific roaming events. This corruption will eventually cause a timer crash. An attacker could exploit this vulnerability by sending malicious reassociation events multiple times to the same AP in a short period of time, causing a DoS condition on the affected AP.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | access_points | < 8.3.140.0 | 8.3.140.0 |
| cisco | access_points | — | — |
| cisco | access_points | — | — |
| cisco | access_points | — | — |
| cisco | access_points | — | — |
| cisco | access_points | — | — |
| cisco | access_points | — | — |
| cisco | access_points | — | — |
| cisco | access_points | >= 8.4 < 8.5.110.0 | 8.5.110.0 |
| cisco | cisco_aironet_access_point_software | — | — |
| cisco | ios_access_points | — | — |