Cisco Bug: CSCua86190 - Format string vulnerability - WET200

Last Modified

Jan 27, 2017

Products (4)

  • Cisco Small Business Wireless Access Points
  • Cisco WAP2000 Wireless-G Access Point - PoE
  • Cisco WAP200 Wireless-G Access Point - PoE/Rangebooster
  • Cisco WET200 Wireless-G Business Ethernet Bridge

Known Affected Releases

2.0.4.0

Description (partial)

Symptom:
Cisco WET200 contains a vulnerability that could allow an unauthenticated, adjacent attacker to impact the integrity and availability of services and data on the affected device.
The impact includes denial of service. Additionally, an attacker may be able to overwrite part of the memory of the affected device. However, this latter attack is theoretical and could not be proven by Cisco.

The vulnerability is due to improper validation of the Service Set Identifier (SSID) when the affected product is performing a "site survey" to discover the adjacent available networks. An attacker may be able to exploit this vulnerability by broadcasting a crafted SSID and convincing the administrator of the affected device to perform a site survey.

Cisco would like to thank Mr. Deral Heiland from CDW Corp. for reporting and for his help during the investigation of this vulnerability.

Conditions:
none
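
The bug class described above, shown from the defensive side as an added example (not Cisco's code; the affected firmware routine does not appear on this page): a scanned SSID is untrusted data of up to 32 arbitrary bytes, so it is escaped and only ever passed as an argument to a constant format string. The function names `ssid_sanitize` and `survey_row`, the row layout and the sample bytes are assumptions.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define SSID_MAX 32  /* IEEE 802.11 SSID element: 0..32 octets, not NUL-terminated */

/* Hypothetical helper: copy a scanned SSID into `out` as printable text.
 * Bytes outside printable ASCII, plus '%', '"' and '\', are written as \xNN,
 * so the result carries no conversion specifiers or control bytes.
 * Returns the number of characters written, or -1 if the input is rejected. */
int ssid_sanitize(const unsigned char *ssid, size_t len, char *out, size_t outsz)
{
    size_t o = 0;
    if (ssid == NULL || out == NULL || outsz == 0 || len > SSID_MAX)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = ssid[i];
        int plain = c >= 0x20 && c < 0x7f && c != '%' && c != '"' && c != '\\';
        size_t need = plain ? 1 : 4;
        if (o + need + 1 > outsz)
            return -1;                      /* refuse to truncate silently */
        if (plain)
            out[o++] = (char)c;
        else
            o += (size_t)snprintf(out + o, outsz - o, "\\x%02x", (unsigned)c);
    }
    out[o] = '\0';
    return (int)o;
}

/* Hypothetical site-survey row builder. The format string is a constant and
 * the SSID appears only as a %s argument.
 * Unsafe pattern for this bug class: snprintf(row, rowsz, ssid_text); */
int survey_row(const unsigned char *ssid, size_t len, int channel,
               char *row, size_t rowsz)
{
    char text[SSID_MAX * 4 + 1];            /* worst case: every byte escaped */
    if (ssid_sanitize(ssid, len, text, sizeof text) < 0)
        return -1;
    int n = snprintf(row, rowsz, "ch=%d ssid=\"%s\"", channel, text);
    return (n < 0 || (size_t)n >= rowsz) ? -1 : n;
}
```

Building firmware with `-Wformat -Wformat-security` (GCC/Clang) flags call sites where a non-literal string is used as the format argument.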