CVE-2017-12273

Name of the Vulnerable Software and Affected Versions Cisco Aironet 1560 Series Access Points Cisco Aironet 2800 Series Access Points Cisco Aironet 3800 Series Access Points

Description A vulnerability in 802.11 association request frame processing could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The issue is due to insufficient frame validation of the 802.11 association request. An attacker could exploit this by sending a malformed 802.11 association request to the targeted device, allowing them to cause the AP to reload and resulting in a DoS condition while the AP is reloading.

Recommendations For Cisco Aironet 1560 Series Access Points, update to a version that includes the fix for the issue. For Cisco Aironet 2800 Series Access Points, update to a version that includes the fix for the issue. For Cisco Aironet 3800 Series Access Points, update to a version that includes the fix for the issue. As a temporary workaround, consider restricting access to the 802.11 association request frame processing functionality until a patch is available.