The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281.
2014-11-15T02:59:01.517
2025-04-12T10:46:40.837
Deferred
CVSSv2: 6.1 (MEDIUM)
AV:A/AC:L/Au:N/C:N/I:N/A:C
6.5
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | cisco | ios | - | Yes |
| Hardware | cisco | aironet_1040 | - | No |
| Hardware | cisco | aironet_1140 | - | No |
| Hardware | cisco | aironet_1260 | - | No |
| Hardware | cisco | aironet_3500 | - | No |
| Hardware | cisco | aironet_3600 | - | No |
| Hardware | cisco | aironet_3600e | - | No |
| Hardware | cisco | aironet_3600i | - | No |
| Hardware | cisco | aironet_3600p | - | No |
| Hardware | cisco | aironet_600_office_extend | - | No |
| Hardware | cisco | aironet_ap1100 | * | No |
| Hardware | cisco | aironet_ap1130ag | * | No |
| Hardware | cisco | aironet_ap1131 | * | No |
| Hardware | cisco | aironet_ap1200 | * | No |
| Hardware | cisco | aironet_ap1230ag | * | No |
| Hardware | cisco | aironet_ap1240 | * | No |
| Hardware | cisco | aironet_ap1240ag | * | No |
| Hardware | cisco | aironet_ap1300 | * | No |
| Hardware | cisco | aironet_ap1400 | * | No |
| Hardware | cisco | aironet_ap340 | * | No |
| Hardware | cisco | aironet_ap340 | 11.21 | No |
| Hardware | cisco | aironet_ap350 | * | No |
| Hardware | cisco | aironet_ap350 | 11.21 | No |