Cisco has released software updates that address this vulnerability for the following products:

- Cisco Catalyst 9500 Series - 09.7.02
- Cisco Catalyst 9600 Series - 09.7.02
- Cisco Catalyst 9800 Series - 09.7.02
- Cisco Aironet 1815 Series Access Points - 08.7.02
- Cisco Aironet 1815I Series Access Points - 08.7.02
- Cisco Aironet 1810 Series Access Points - 08.7.02
- Cisco Aironet 1810X Series Access Points - 08.7.02
- Cisco Aironet 1815X Series Access Points - 08.7.02
- Cisco Wireless LAN Controllers - 17.7.02
- Cisco IOS Software - 17.7.02

There are no known exploits in the wild of this vulnerability. Exploits that target this vulnerability may be published in the future. Cisco recommends that users review their system for association frame validation vulnerabilities.

The following are some examples of how an attacker could exploit association frame validation vulnerabilities.

Cisco devices allow the user to associate with any AP in the same VLAN. An attacker could send a crafted association request to associate with the AP with the highest VLAN ID. If the association request is accepted, traffic from the VLAN with the highest VLAN ID will be redirected to the attacker's device, causing a DoS condition.

Cisco devices allow the user to associate with any AP. If a user associates with an AP that does not have the desired VLAN ID, traffic from

Description of association frame validation vulnerability

Association frame validation vulnerabilities allow an attacker to send a crafted association request to the AP with the highest VLAN ID. If the association request is accepted, traffic from the VLAN with the highest VLAN ID will be redirected to the attacker's device, causing a DoS condition.

What does this mean?

This means that if you are running custom code that handles association frames, there are certain things to keep in mind. For example, you may need to authenticate a user and check for their VLAN ID before accepting an association frame. If the association frame is accepted without authentication or without checking for a valid VLAN ID, traffic may be redirected to the attacker's device, causing a DoS condition.
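
One way to implement the check described above, as an added example that is not Cisco's code and not part of the original page: a fail-closed admission function over a simplified request model. The `AssocRequest` type, `validate_association`, the policy tables and the sample requests are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ACCEPT = "accept"
    REJECT_UNAUTHENTICATED = "client not authenticated"
    REJECT_MALFORMED_VLAN = "VLAN ID is not an integer in 1-4094"
    REJECT_VLAN_NOT_AUTHORIZED = "VLAN not authorized for this client"


@dataclass(frozen=True)
class AssocRequest:
    """Simplified, hypothetical request model (not the 802.11 wire format)."""
    client_id: str
    requested_vlan: object  # untrusted input: any type or value may arrive


def validate_association(req, authenticated, vlan_policy):
    """Fail closed: accept only an authenticated client on a VLAN it is allowed.

    authenticated: set of client IDs that completed authentication
    vlan_policy:   dict of client ID -> set of permitted VLAN IDs
    """
    if req.client_id not in authenticated:
        return Decision.REJECT_UNAUTHENTICATED
    vlan = req.requested_vlan
    # bool is a subclass of int in Python, so rule it out explicitly.
    if isinstance(vlan, bool) or not isinstance(vlan, int) or not 1 <= vlan <= 4094:
        return Decision.REJECT_MALFORMED_VLAN
    # A client with no policy entry gets an empty set, so it is rejected.
    if vlan not in vlan_policy.get(req.client_id, set()):
        return Decision.REJECT_VLAN_NOT_AUTHORIZED
    return Decision.ACCEPT


# Constructed sample state and requests (not taken from any real device).
AUTHENTICATED = {"client-a", "client-b"}
VLAN_POLICY = {"client-a": {10, 20}}
SAMPLES = [
    AssocRequest("client-a", 10),      # authenticated, permitted VLAN
    AssocRequest("client-a", 4094),    # authenticated, highest VLAN ID, not permitted
    AssocRequest("client-b", 10),      # authenticated, but no policy entry
    AssocRequest("client-x", 10),      # never authenticated
    AssocRequest("client-a", 4095),    # reserved VLAN ID
    AssocRequest("client-a", "10"),    # wrong type
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r, "->", validate_association(r, AUTHENTICATED, VLAN_POLICY).name)
```

The ordering matters: authentication is checked before any field of the request is interpreted, and a missing policy entry results in rejection, not a default VLAN.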

Timeline

Published on: 09/30/2022 19:15:00 UTC
Last modified on: 10/05/2022 16:04:00 UTC

References