CVE-2006-0360

Current Description

Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644.

Basic Data

PublishedJanuary 22, 2006
Last ModifiedOctober 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-399
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:A/AC:L/Au:S/C:N/I:N/A:C
CVSS 2 - Access VectorADJACENT_NETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score5.5
SeverityMEDIUM
Exploitability Score5.1
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3HardwareCiscoAironet Ap1100********
    2.3HardwareCiscoAironet Ap1130ag********
    2.3HardwareCiscoAironet Ap1200********
    2.3HardwareCiscoAironet Ap1230ag********
    2.3HardwareCiscoAironet Ap1240ag********
    2.3HardwareCiscoAironet Ap1300********
    2.3HardwareCiscoAironet Ap1400********
    2.3HardwareCiscoAironet Ap350********

Vulnerable Software List

VendorProductVersions
Cisco Aironet Ap1230ag *
Cisco Aironet Ap1240ag *
Cisco Aironet Ap1300 *
Cisco Aironet Ap1400 *
Cisco Aironet Ap1200 *
Cisco Aironet Ap350 *
Cisco Aironet Ap1100 *
Cisco Aironet Ap1130ag *

References

NameSourceURLTags
18430http://secunia.com/advisories/18430SECUNIAPatch Vendor Advisory
339http://securityreason.com/securityalert/339SREASON
1015483http://securitytracker.com/id?1015483SECTRACKPatch
20060112 Access Point Memory Exhaustion from ARP Attackshttp://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtmlCISCOExploit Vendor Advisory
22375http://www.osvdb.org/22375OSVDB
16217http://www.securityfocus.com/bid/16217BID
ADV-2006-0176http://www.vupen.com/english/advisories/2006/0176VUPEN
cisco-aironet-arp-dos(24086)https://exchange.xforce.ibmcloud.com/vulnerabilities/24086XF
oval:org.mitre.oval:def:5680https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5680OVAL