CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2021-1437 – Cisco Aironet Access Points FlexConnect Upgrade Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1437
24 Mar 2021 — A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected ac... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-info-disc-BfWqghj • CWE-275: Permission Issues •
CVSS: 7.4EPSS: 0%CPEs: 30EXPL: 0CVE-2020-3552 – Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3552
24 Sep 2020 — A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY • CWE-476: NULL Pointer Dereference •
CVSS: 8.6EPSS: 1%CPEs: 33EXPL: 0CVE-2020-3559 – Cisco Aironet Access Point Authentication Flood Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3559
24 Sep 2020 — A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload. Una vulnerabilidad en Cisco Aironet Access Point (AP) Softw... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-h3DCuLXw • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 1%CPEs: 58EXPL: 0CVE-2020-3560 – Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3560
24 Sep 2020 — A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, re... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0249
https://notcve.org/view.php?id=CVE-2018-0249
02 May 2018 — A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. A successful exploit could prevent new clients from joining the AP. The vulnerability is due to incorrect handling of malformed or invalid 802.11 Association Requests. An attacker could exploit this vulnerability by sending a m... • http://www.securitytracker.com/id/1040816 • CWE-20: Improper Input Validation •
CVSS: 4.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0250
https://notcve.org/view.php?id=CVE-2018-0250
02 May 2018 — A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The vulnerability is due to the AP ignoring the ACL download from the client during authentication. An attacker could exploit this vulnerability by connecting to the targeted device with a vulnerable configuration. A successful expl... • http://www.securitytracker.com/id/1040818 • CWE-693: Protection Mechanism Failure •
CVSS: 8.6EPSS: 1%CPEs: 3EXPL: 0CVE-2018-0234
https://notcve.org/view.php?id=CVE-2018-0234
02 May 2018 — A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected access point. An attacker could exploit this vulnerability by initiating a... • http://www.securityfocus.com/bid/104081 • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0247
https://notcve.org/view.php?id=CVE-2018-0247
02 May 2018 — A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An attacker could exploit this vulnerability by sending traffic to local network resources without having gone through authentication. A successfu... • http://www.securityfocus.com/bid/104087 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 6%CPEs: 11EXPL: 0CVE-2017-3831 – Cisco Security Advisory 20170315-ap1800
https://notcve.org/view.php?id=CVE-2017-3831
15 Mar 2017 — A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the ... • http://www.securityfocus.com/bid/96909 • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9220
https://notcve.org/view.php?id=CVE-2016-9220
26 Jan 2017 — A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. More Information: CSCvb66659. Known Affected Releases: 8.2(130.0). Known Fixed Releases: 8.2(131.10) 8.2(131.6) 8.2(141.0) 8.3(104.56) 8.4(1.88) 8.4(1.91). Una vulnerabilidad de denegación de servicio en el procesami... • http://www.securityfocus.com/bid/95633 • CWE-399: Resource Management Errors •