CVE-2017-12274

Name of the Vulnerable Software and Affected Versions Cisco Aironet 1560 Series Access Points Cisco Aironet 2800 Series Access Points Cisco Aironet 3800 Series Access Points

Description A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The issue is due to insufficient validation of the EAP frame. An attacker could exploit this by sending a malformed EAP frame to the targeted device, causing the AP to reload and resulting in a DoS condition while the AP is reloading. In some cases, manual power cycling of the device may be necessary for recovery.

Recommendations For Cisco Aironet 1560 Series Access Points, consider disabling EAP frame processing until a patch is available. For Cisco Aironet 2800 Series Access Points, restrict access to EAP ingress frame processing to minimize the risk of exploitation. For Cisco Aironet 3800 Series Access Points, avoid using malformed EAP frames in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.