OSVDB ID: 22375

Title: Cisco Aironet Access Point ARP Memory Exhaustion DoS

Info

Dates

Disclosure: Jan 12, 2006
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

Cisco Aironet Access Points contain a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends many spoofed ARP messages to the management interface of the AP. Each spoofed message adds an entry to the ARP table until the AP's memory is exhausted, resulting in loss of availability for the AP until it is restarted.
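The condition described above is a growth in distinct ARP bindings, not a rise in ARP volume as such, so a defender watching for it should count new entries rather than packets. The following detector is an added example, not part of the OSVDB record or of Cisco's software; the event format (timestamp in milliseconds, sender IP, sender MAC), the window size and the threshold are assumed, and the sample events are constructed.

```python
"""Flag a burst of new ARP-table bindings, the pattern behind this DoS."""
from collections import deque

# Constructed sample events: (timestamp_ms, sender_ip, sender_mac).
# The first three model normal clients (one repeat); the remaining 300
# mimic spoofed messages that each introduce a never-seen binding.
SAMPLE_EVENTS = [
    (0, "10.0.0.10", "00:11:22:33:44:10"),
    (1000, "10.0.0.11", "00:11:22:33:44:11"),
    (2000, "10.0.0.10", "00:11:22:33:44:10"),  # repeat, adds no entry
] + [
    (3000 + 10 * i,
     f"10.0.{i // 250}.{i % 250}",
     f"de:ad:be:ef:{i // 256:02x}:{i % 256:02x}")
    for i in range(300)
]


def count_new_bindings(events, window_ms=10_000):
    """Yield (timestamp_ms, new_bindings_in_window) for every event.

    A binding is new the first time an (ip, mac) pair is seen; only new
    bindings consume ARP-table memory, so repeats are not counted.
    """
    seen = set()
    recent = deque()  # timestamps of new bindings inside the window
    for ts, ip, mac in events:
        key = (ip, mac)
        if key not in seen:
            seen.add(key)
            recent.append(ts)
        while recent and ts - recent[0] > window_ms:
            recent.popleft()
        yield ts, len(recent)


def detect_arp_flood(events, threshold=100, window_ms=10_000):
    """Return (timestamp_ms, count) at the first alert, or None if no flood."""
    for ts, new_in_window in count_new_bindings(events, window_ms):
        if new_in_window >= threshold:
            return ts, new_in_window
    return None


if __name__ == "__main__":
    print(detect_arp_flood(SAMPLE_EVENTS))  # → (3970, 100)
```

The threshold should sit above the number of genuine clients an AP can see in one window; the VLAN isolation listed under Solution removes the exposure rather than merely detecting it.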

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public, Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to IOS version 12.3-7-JA2 or higher, as it has been reported to fix this vulnerability. In addition to the software upgrade, a configuration change is necessary: add the command L2-FILTER BLOCK-ARP to each radio interface. It is also possible to correct the flaw by implementing the following workaround(s): Use VLANs to isolate wireless clients from the Access Point (AP) management interface.

Products

Cisco Systems, Inc.

Cisco Aironet Wireless Bridges

1400 Series

Cisco Aironet Access Points

1300 Series
1240AG Series
1230AG Series
1200 Series
1130AG Series
1100 Series
350 Series running IOS

References

Credit

  • Eric Smith - Bucknell University


Direct URL: http://osvdb.org/22375