Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-1439

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS traffic. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device through a wireless network that is configured in FlexConnect local switching mode or through a wired network on a configured mDNS VLAN. A successful exploit could allow the attacker to cause the access point (AP) to reboot, resulting in a DoS condition.

Published

2021-03-24T20:15:14.977

Last Modified

2024-11-21T05:44:22.010

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.4 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:N/I:N/A:P

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

6.5

Impact Score

2.9

Weaknesses

Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	aironet_access_point_software	-	Yes
Hardware	cisco	1100_integrated_services_router	-	No
Hardware	cisco	aironet_1540	-	No
Hardware	cisco	aironet_1560	-	No
Hardware	cisco	aironet_1800	-	No
Hardware	cisco	aironet_2800	-	No
Hardware	cisco	aironet_3800	-	No
Hardware	cisco	aironet_4800	-	No
Hardware	cisco	catalyst_9100	-	No
Hardware	cisco	catalyst_iw6300	-	No
Hardware	cisco	esw6300	-	No
Operating System	cisco	catalyst_9800_firmware	< 17.3.3	Yes
Hardware	cisco	catalyst_9800	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-mdns-dos-E6KwYuMx Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-mdns-dos-E6KwYuMx Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)