Cisco Bug: CSCul15509 - AP crash if malformed EAP frame received w/ "debug dot11 aaa ..." set
Last Modified
Aug 06, 2018
Products (1)
- Cisco Aironet 3700 Series Access Points
Known Affected Releases
12.4(25d)JA1
Description (partial)
Symptoms: A vulnerability in the debugging features of Cisco IOS running on Aironet Access Points could allow an unauthenticate, adjacent attacker to create a denial of service condition. The vulnerability is due to a failure to properly process a certain debugging message that may occur when the 'debug dot11 aaa authenticator all' command is enabled and a specifically malformed EAP packet is received. An attacker could exploit this vulnerability by sending a packet specifically designed to trigger the issue while a network administrator is actively debugging the device. This vulnerability was reported to Cisco by Maxim Salomon and Timo Warns of Airbus Operations GmbH. Conditions: Devices running an affected version of Cisco IOS software and that have enabled the 'debug dot11 aaa authenticator all' command
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Status
- Severity
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases