首页 -> 安全研究

安全研究

安全漏洞
Cisco IOS Access Points Software拒绝服务漏洞(CVE-2019-1920)

发布日期:2019-08-06
更新日期:2019-08-06

受影响系统:
Cisco IOS Access Points Software 8.7
Cisco IOS Access Points Software 8.6
Cisco IOS Access Points Software 8.5
Cisco IOS Access Points Software 8.4
Cisco IOS Access Points Software 8.3
Cisco IOS Access Points Software 8.2
Cisco IOS Access Points Software 8.1
Cisco IOS Access Points Software 8.0
Cisco Aironet 3700 Series Access Points
不受影响系统:
Cisco IOS Access Points Software 8.9
Cisco IOS Access Points Software 8.8.100.0
Cisco IOS Access Points Software 8.8
Cisco IOS Access Points Software 8.5.131.0
Cisco IOS Access Points Software 8.3.150.0
Cisco IOS Access Points Software 8.2.170.0
描述:
BUGTRAQ  ID: 109312
CVE(CAN) ID: CVE-2019-1920

Cisco IOS Access Points Software是美国思科公司的一套专用于Cisco无线接入点设备的软件。
Cisco IOS Access Points Software的802.11r 快速过渡(FT)实施中存在拒绝服务漏洞,该漏洞源于发送到为快速过渡(FT)配置目标接口的客户端验证请求缺少完整的错误处理条件。未经验证的相邻攻击者可通过向目标接口发送特制的身份验证请求流量来利用此漏洞,从而导致设备意外重启。

<*来源:Cisco
  
  链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-aironet-dos
*>

建议:
厂商补丁:

Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20190717-aironet-dos)以及相应补丁:
cisco-sa-20190717-aironet-dos:Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-aironet-dos

补丁下载:

浏览次数:1841
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障