CVE-2016-9221 Cisco CVE debrief

Who should care

Network and wireless administrators running Cisco Mobility Express 2800/3800 access points, especially environments using local mode in 40 MHz configuration. Security teams responsible for campus Wi-Fi availability should also review it.

Technical summary

The vulnerability is described as a denial-of-service condition in 802.11 ingress connection authentication handling. NVD classifies it as AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, which aligns with a nearby attacker being able to disrupt authentication without credentials. The affected CPEs in the supplied data are Cisco Aironet access point software versions 8.2(121.12) and 8.4(1.82), and Cisco lists fixed releases including 8.2(131.2), 8.2(131.3), 8.2(131.4), 8.2(141.0), 8.3(104.53), 8.3(104.54), 8.4(1.80), and 8.4(1.85).

Defensive priority

Medium. The impact is limited to availability, but the attack requires no authentication and can affect wireless service in a specific deployment mode. Prioritize remediation if the affected AP models and software versions are in use.

Recommended defensive actions

• Confirm whether Cisco Mobility Express 2800 or 3800 access points are deployed in local mode with 40 MHz operation.
• Inventory the running software version and compare it to the affected and fixed releases listed by Cisco.
• Upgrade affected systems to a Cisco-fixed release from the vendor advisory.
• Review the Cisco advisory for deployment-specific guidance before and after upgrading.
• Monitor for repeated wireless authentication failures on the affected access points while remediation is planned.

Evidence notes

This debrief is based on the supplied NVD record and Cisco vendor advisory reference. The NVD vector is CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, and the NVD weakness mapping is CWE-399. The supplied corpus does not mark this CVE as a CISA KEV item.

Official resources