Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks

Summary - from the original advisory

A vulnerability exists in Cisco Aironet Wireless Access Points (AP) running IOS which may allow a malicious user to send a crafted attack via IP address Resolution Protocol (ARP) to the Access point which will cause the device to stop passing traffic and/or drop user connections.

Repeated exploitation of this vulnerability will create a sustained DoS (denial of service).

Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20060112- wireless.shtml.

Affected Products

Vulnerable Products

This security advisory applies to all Cisco Aironet Wireless Access Points that run Cisco IOS Software. The affected device types include:

• Cisco Aironet 1400 Series Wireless Bridges
  
• Cisco Aironet 1300 Series Access Points
  
• Cisco Aironet 1240AG Series Access Points
  
• Cisco Aironet 1230AG Series Access Points
  
• Cisco Aironet 1200 Series Access Points
  
• Cisco Aironet 1130AG Series Access Points
  
• Cisco Aironet 1100 Series Access Points
  
• Cisco Aironet 350 Series Access Points running IOS

Products Confirmed Not Vulnerable

• Cisco Wireless devices running a VxWorks based image (Version 12.05 and earlier)
  

No other Cisco products are currently known to be affected by this vulnerability.