CVE-2016-6361
medium
CVSS v3
6.5
CVSS v2
6.1
VIR risk
6.5
Description
The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288.
Predictions
Exploit likelihood
65%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cisco | aironet_access_point_software | 8.1\(15.14\) | |
| cisco | aironet_access_point_software | 8.1\(112.3\) | |
| cisco | aironet_access_point_software | 8.1\(112.4\) | |
| cisco | aironet_access_point_software | 8.1\(131.0\) | |
| cisco | aironet_access_point_software | 8.2\(100.0\) | |
| cisco | aironet_access_point_software | 8.2\(102.43\) | |
| cisco | aironet_access_point_software | 8.3.0 | |
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap
- http://www.securityfocus.com/bid/92508
- http://www.securitytracker.com/id/1036648
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap
- http://www.securityfocus.com/bid/92508
- http://www.securitytracker.com/id/1036648
CWEs
CWE-20
Verify integrity in audit chain (admin only). AS-IS.