Cisco Aironet Access Point Software vulnerabilities
23 known vulnerabilities affecting cisco/aironet_access_point_software.
Total CVEs: 23
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 12, MEDIUM 10
Vulnerabilities
Page 1 of 2
CVE-2023-20097 | MEDIUM | CVSS 6.7 | CWE-77 | fixed in 17.9.0.135 | 2023-03-23
A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller
nvd
CVE-2023-20056 | MEDIUM | CVSS 5.5 | CWE-78 | fixed in 17.9.0.135 | 2023-03-23
A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a devi
nvd
CVE-2022-20622 | HIGH | CVSS 7.5 | CWE-770 | ≥ 17.3, < 17.3.4 | ≥ 17.4, < 17.6.1 | 2022-04-15
A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usa
nvd
CVE-2021-34740 | HIGH | CVSS 7.4 | CWE-401 | ≥ 8.10.0, < 8.10.162.0 | v17.2, +1 more | 2021-09-23
A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected
nvd
CVE-2020-3559 | HIGH | CVSS 8.6 | CWE-400 | v8.5(151.0), v17.2.0.26 | 2020-09-24
A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affec
nvd
CVE-2020-3552 | HIGH | CVSS 7.4 | CWE-476 | v8.10(1.255) | 2020-09-24
A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the E
nvd
CVE-2020-3560 | HIGH | CVSS 8.6 | CWE-400 | v8.5(154.27), v8.8(125.0), +5 more | 2020-09-24
A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific po
nvd
CVE-2018-0234 | HIGH | CVSS 8.6 | CWE-20 | v8.4(100.0), v8.5(103.0), +1 more | 2018-05-02
A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Generic R
nvd
CVE-2018-0249 | MEDIUM | CVSS 4.3 | CWE-20 | v8.2(161.0) | 2018-05-02
A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. A successful exploit could prevent new clients from joining the AP. T
nvd
CVE-2018-0247 | MEDIUM | CVSS 4.7 | CWE-287 | v8.3(104.105), v8.5(107.52) | 2018-05-02
A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of authentication for WebAuth clients in a specific con
nvd
CVE-2018-0250 | MEDIUM | CVSS 4.1 | CWE-693 | v8.2(160.0), v8.4(100.0), +1 more | 2018-05-02
A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The vulnerability is due to the AP ignoring the ACL download from the cli
nvd
CVE-2017-3831 | CRITICAL | CVSS 9.8 | CWE-264 | v8.1(15.14), v8.1(112.3), +2 more | 2017-03-15
A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface.
nvd
CVE-2016-9220 | MEDIUM | CVSS 4.3 | CWE-399 | v8.2(130.0) | 2017-01-26
A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. More Information: CSCvb66659. Known Affected Releases: 8.2
nvd
CVE-2016-9221 | MEDIUM | CVSS 4.3 | CWE-399 | v8.2(121.12), v8.4(1.82) | 2017-01-26
A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail. Affected Products: This vulnerability affects Cisco Mobility Express 2800 Series and 3800 Series Access Points when co
nvd
CVE-2016-6362 | HIGH | CVSS 7.8 | CWE-264 | v8.1(15.14), v8.1(112.3), +5 more | 2016-08-22
Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725.
nvd
CVE-2016-6361 | MEDIUM | CVSS 6.5 | CWE-20 | v8.1(15.14), v8.1(112.3), +5 more | 2016-08-22
The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288.
nvd
CVE-2016-6363 | MEDIUM | CVSS 6.5 | CWE-119 | v8.1(15.14), v8.1(112.3), +5 more | 2016-08-22
The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID CSCva06192.
nvd
CVE-2016-1419 | HIGH | CVSS 8.1 | CWE-20 | v8.2(102.43) | 2016-06-10
Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803.
nvd
CVE-2015-6320 | HIGH | CVSS 7.5 | CWE-399 | v8.1(112.3), v8.1(112.4) | 2016-01-15
The IP ingress packet handler on Cisco Aironet 1800 devices with software 8.1(112.3) and 8.1(112.4) allows remote attackers to cause a denial of service via a crafted header in an IP packet, aka Bug ID CSCuv63138.
nvd
CVE-2015-6336 | HIGH | CVSS 7.3 | CWE-255 | v7.2_base, v7.3_base, +4 more | 2016-01-15
Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062.
nvd