Vulnerability Details : CVE-2016-6363
The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID CSCva06192.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2016-6363
- cpe:2.3:a:cisco:aironet_access_point_software:8.1\(15.14\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:aironet_access_point_software:8.2\(100.0\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:aironet_access_point_software:8.2\(102.43\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:aironet_access_point_software:8.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:aironet_access_point_software:8.1\(112.3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:aironet_access_point_software:8.1\(112.4\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:aironet_access_point_software:8.1\(131.0\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6363
- 0.43%: Probability of exploitation activity in the next 30 days
- ~74%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6363
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1 | MEDIUM | AV:A/AC:L/Au:N/C:N/I:N/A:C | 6.5 | 6.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2016-6363
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6363
- http://www.securitytracker.com/id/1036645
  Cisco Aironet 802.11 Rate Limiting Error Lets Remote Users Cause the Target System to Reload - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/92511
  Cisco Aironet Access Points CVE-2016-6363 Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap2
  Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms 802.11 Protocol Denial of Service Vulnerability (Vendor Advisory)