what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

VIGILANTE-2003001.txt

VIGILANTE-2003001.txt
Posted Jul 29, 2003
Authored by Reda Zitouni | Site vigilante.com

Vigilante Advisory 2003001 - It is possible to cause Cisco Aironet Access Point to crash and reboot if the HTTP server feature is enabled. This can be accomplished by submitting a specially crafted request to the web server. There is no need to authenticate to perform this attack, only access to the web server is required. The Aironet bridge reboots upon receiving the request and failing to handle correctly this one. Afterwards, no further access to the WLAN or its services is possible.

tags | advisory, web
systems | cisco
advisories | CVE-2003-0511
SHA-256 | 09dfb097fa92748f917490889523147c68604ec665bb7b5d1d0bcc10d69cd1d3

VIGILANTE-2003001.txt

Change Mirror Download
VIGILANTe Security Watch Advisory

Name: Cisco Aironet AP 1100 Malformed HTTP Request Crash Vulnerability
Systems Affected: Tested on a Cisco Aironet AP1100 Model 1120B Series
Wireless device.
Firmware version 12.2(4)JA and earlier.
Severity: High Risk
Vendor URL: http://www.vigilante.com
Authors: Reda Zitouni (reda.zitouni@vigilante.com)
Date: 28th July 2003
Advisory Code: VIGILANTE-2003001

Description
***********
Cisco Aironet 1100 Series Access Point is a device manufactured by Cisco
Systems offering a WLAN solution based on the 802.11b Wifi standard.
The Arionet Bridge is vulnerable to a denial of service.This can be
exploited remotely by an attacker. No user login or password is
necessary.

Details
*******

It is possible to cause Cisco Aironet Access Point to crash and reboot
if the HTTP server feature is enabled. This can be accomplished by
submitting a specially crafted request to the web server. There is no
need to authenticate to perform this attack, only access to the web
server is required. The Aironet bridge reboots upon receiving the
request and failing to handle correctly this one. Afterwards, no further
access to the WLAN or its services is possible.

Vendor status:
**************
Cisco was contacted June 19, 2003 and answered the same day. 5 days
later, they told us that they would release a patch soon. The patch was
finally released July 3, 2003.

Vulnerability Assessment:
A test case to detect this vulnerability was added to SecureScan NX in
the upgrade package of July 28, 2003. You can see the documentation of
this test case 17655 on SecureScan NX web site at
http://securescannx.vigilante.com/tc/17655 .
Fix: A firmware upgrading the Aironet IOS version to c1100-k9w7 has
been released by Cisco. Please note that this version fixes some other
bugs as TC 15438 (refer to release note).

Workaround:
***********
1. If not needed - disable access to the web feature on the Aironet
Bridge.
2. If needed - restrict access to the HTTP service for outside
connections.
CVE: Common Vulnerabilities and Exposures group ( reachable at
http://cve.mitre.org/ ) was contacted and assigned CAN-2003-0511 to this
vulnerability.

Links:
*****
Cisco Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20030728-ap1x00.shtml
Vigilante Advisory:
http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm
Product Homepage: http://www.cisco.com/warp/public/cc/pd/witc/ps4570
CVE: CAN-2003-0511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CAN-2003-0511


Credit:
******
This vulnerability was discovered by Reda Zitouni, member of our
Security Watch Team at VIGILANTe.
We wish to thank Cisco PSIRT Team for their fast answer to fix this
problem.

Copyright VIGILANTe.com, Inc. 2003-07-28

Disclaimer:
**********
The information within this document may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any consequences whatsoever arising out
of or in connection with the use or spread of this information. Any use
of this information lays within the user's responsibility.

Feedback:
********
Please send suggestions, updates, and comments to
securitywatch@vigilante.com.


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close