CVE-2021-34740

A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device.

CVSS v3.0 7.4 HIGH
CVSS v2.0 6.1 MEDIUM

7.4^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:aironet_access_point_software::::::::
	cpe:2.3:o:cisco:aironet_access_point_software:17.2:::::::*
	cpe:2.3:o:cisco:aironet_access_point_software:17.3:::::::*

OR	cpe:2.3:h:cisco:6300_series_access_points:-:::::::*
	cpe:2.3:h:cisco:aironet_1540:-:::::::*
	cpe:2.3:h:cisco:aironet_1542d:-:::::::*
	cpe:2.3:h:cisco:aironet_1542i:-:::::::*
	cpe:2.3:h:cisco:aironet_1560:-:::::::*
	cpe:2.3:h:cisco:aironet_1562d:-:::::::*
	cpe:2.3:h:cisco:aironet_1562e:-:::::::*
	cpe:2.3:h:cisco:aironet_1562i:-:::::::*
	cpe:2.3:h:cisco:aironet_1800:-:::::::*
	cpe:2.3:h:cisco:aironet_1800i:-:::::::*
	cpe:2.3:h:cisco:aironet_1810:-:::::::*
	cpe:2.3:h:cisco:aironet_1810w:-:::::::*
	cpe:2.3:h:cisco:aironet_1815:-:::::::*
	cpe:2.3:h:cisco:aironet_1815i:-:::::::*
	cpe:2.3:h:cisco:aironet_1830:-:::::::*
	cpe:2.3:h:cisco:aironet_1830e:-:::::::*
	cpe:2.3:h:cisco:aironet_1830i:-:::::::*
	cpe:2.3:h:cisco:aironet_1840:-:::::::*
	cpe:2.3:h:cisco:aironet_1850:-:::::::*
	cpe:2.3:h:cisco:aironet_1850e:-:::::::*
	cpe:2.3:h:cisco:aironet_1850i:-:::::::*
	cpe:2.3:h:cisco:aironet_2800:-:::::::*
	cpe:2.3:h:cisco:aironet_2800e:-:::::::*
	cpe:2.3:h:cisco:aironet_2800i:-:::::::*
	cpe:2.3:h:cisco:aironet_3800:-:::::::*
	cpe:2.3:h:cisco:aironet_3800e:-:::::::*
	cpe:2.3:h:cisco:aironet_3800i:-:::::::*
	cpe:2.3:h:cisco:aironet_3800p:-:::::::*
	cpe:2.3:h:cisco:aironet_4800:-:::::::*
	cpe:2.3:h:cisco:catalyst_9100:-:::::::*
	cpe:2.3:h:cisco:catalyst_9105:-:::::::*
	cpe:2.3:h:cisco:catalyst_9105axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9105axw:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115_ap:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115axe:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9117:-:::::::*
	cpe:2.3:h:cisco:catalyst_9117_ap:-:::::::*
	cpe:2.3:h:cisco:catalyst_9117axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120_ap:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120axe:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120axp:-:::::::*
	cpe:2.3:h:cisco:catalyst_9124:-:::::::*
	cpe:2.3:h:cisco:catalyst_9124axd:-:::::::*
	cpe:2.3:h:cisco:catalyst_9124axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130_ap:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130axe:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_iw6300:-:::::::*
	cpe:2.3:h:cisco:catalyst_iw6300_ac:-:::::::*
	cpe:2.3:h:cisco:catalyst_iw6300_dc:-:::::::*
	cpe:2.3:h:cisco:catalyst_iw6300_dcw:-:::::::*
	cpe:2.3:h:cisco:isr_1100:-:::::::*
	cpe:2.3:h:cisco:isr_1100-4g\/6g:-:::::::*
	cpe:2.3:h:cisco:isr_1100-4p:-:::::::*
	cpe:2.3:h:cisco:isr_1100-8p:-:::::::*
	cpe:2.3:h:cisco:isr_1101:-:::::::*
	cpe:2.3:h:cisco:isr_1101-4p:-:::::::*
	cpe:2.3:h:cisco:isr_1109:-:::::::*
	cpe:2.3:h:cisco:isr_1109-2p:-:::::::*
cpe:2.3:h:cisco:isr_1109-4p:-:::::::*
cpe:2.3:h:cisco:isr_1111x:-:::::::*
cpe:2.3:h:cisco:isr_1111x-8p:-:::::::*
cpe:2.3:h:cisco:isr_111x:-:::::::*
cpe:2.3:h:cisco:isr_1120:-:::::::*
cpe:2.3:h:cisco:isr_1160:-:::::::*

Information

Published : 2021-09-22 20:15

Updated : 2021-10-14 07:14

NVD link : CVE-2021-34740

Mitre link : CVE-2021-34740

JSON object : View

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

Products Affected

cisco

catalyst_9117
catalyst_9117_ap
aironet_3800e
aironet_1800i
catalyst_9120axe
catalyst_iw6300_dc
aironet_1830
catalyst_9115
catalyst_9130axe
catalyst_9115axi
catalyst_iw6300
catalyst_9120
catalyst_9120axp
catalyst_9130_ap
catalyst_9120axi
isr_1109-2p
isr_1111x-8p
aironet_3800p
aironet_2800i
isr_1100-8p
aironet_2800e
aironet_3800
catalyst_9124axd
aironet_1540
catalyst_9105axw
isr_1100
aironet_1562i
aironet_1810
catalyst_9105axi
catalyst_iw6300_ac
aironet_1810w
aironet_1542d
catalyst_iw6300_dcw
aironet_access_point_software
aironet_1562d
isr_1109-4p
isr_1101-4p
aironet_1850
isr_1100-4p
catalyst_9120_ap
isr_111x
aironet_1562e
isr_1120
catalyst_9117axi
isr_1160
aironet_1542i
aironet_1815
aironet_1850e
aironet_1840
catalyst_9130
catalyst_9105
aironet_1560
isr_1109
aironet_1815i
aironet_1850i
catalyst_9115axe
catalyst_9124
aironet_3800i
isr_1111x
catalyst_9115_ap
aironet_4800
aironet_1830i
aironet_2800
catalyst_9130axi
6300_series_access_points
catalyst_9124axi
aironet_1800
isr_1100-4g\/6g
aironet_1830e
catalyst_9100
isr_1101

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL", "name": "20210922 Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-401"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-34740", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}}, "publishedDate": "2021-09-23T03:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:aironet_access_point_software:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.10.162.0", "versionStartIncluding": "8.10.0"}, {"cpe23Uri": "cpe:2.3:o:cisco:aironet_access_point_software:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:aironet_access_point_software:17.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:6300_series_access_points:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1540:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1560:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1800i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1810:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1810w:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1815:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1815i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1830:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1830e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1830i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1840:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1850:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_2800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_3800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9105:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9105axi:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9105axw:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9115:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9115_ap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9115axe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9115axi:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9117:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9117_ap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9117axi:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9120_ap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9120axe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9120axi:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9120axp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9124:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9124axd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9124axi:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9130_ap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9130axe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9130axi:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_iw6300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_iw6300_ac:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_iw6300_dc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_iw6300_dcw:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:isr_1100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:isr_1100-4g\\/6g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:isr_1100-4p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:isr_1100-8p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:isr_1101:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:isr_1101-4p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:isr_1109:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:isr_1109-2p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:isr_1109-4p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:isr_1111x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:isr_1111x-8p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:isr_111x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:isr_1120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:isr_1160:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-10-14T14:14Z"}

7.4 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.1 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2021-34740

7.4^/10

6.1^/10

Attach tags to `CVE-2021-34740`