漏洞标题
N/A
漏洞描述信息
在Cisco小型企业100系列无线接入点和Cisco小型企业300系列无线接入点中实现LAN(EAPOL)功能中的可解漏洞可能导致未授权的相邻攻击者降低加密算法在认证服务器(接入点)和客户端(Wi-Fi客户端)之间的加密级别。该漏洞是由于在Wi-Fi握手过程中接收的一些EAPOL消息的不正确处理。攻击者可以通过在客户端和认证服务器之间建立一个中间人位置并操纵EAPOL消息交换,强制使用WPA-TKIP加密算法而不是更安全的AES-CCMP加密算法来利用此漏洞。成功利用此漏洞可能导致攻击者进行后续加密攻击,从而导致机密信息泄露。Cisco Bug ID: CSCvj29229。
CVSS信息
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229.
CVSS信息
N/A
漏洞类别
加密问题
漏洞标题
Cisco Small Business 100 Series Wireless Access Points和Small Business 300 Series Wireless Access Points 加密问题漏洞
漏洞描述信息
Cisco Small Business 100 Series Wireless Access Points和Small Business 300 Series Wireless Access Points都是美国思科(Cisco)公司的不同系列的无线接入点产品,它提供高容量的无线局域网和访客接入服务等功能。 Cisco Small Business 100 Series Wireless Access Points和Small Business 300 Series Wireless Access Po
CVSS信息
N/A
漏洞类别
加密问题