CVE-2016-9221

26.01.2017, 07:59

A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail. Affected Products: This vulnerability affects Cisco Mobility Express 2800 Series and 3800 Series Access Points when configured in local mode in 40 MHz. More Information: CSCvb33575. Known Affected Releases: 8.2(121.12) 8.4(1.82). Known Fixed Releases: 8.2(131.2) 8.2(131.3) 8.2(131.4) 8.2(141.0) 8.3(104.53) 8.3(104.54) 8.4(1.80) 8.4(1.85).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
cisco	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 59%

Vendor	Product	Version
cisco	aironet_access_point_software	8.2\(121.12\)
cisco	aironet_access_point_software	8.4\(1.82\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-399 -

References

http://www.securityfocus.com/bid/95631

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme2

http://www.securityfocus.com/bid/95631

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme2