Cisco Aironet Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability
Description
A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN packet processing functionality in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected AP. An attacker could exploit this vulnerability by associating to a vulnerable AP, initiating a PPTP VPN connection to an arbitrary PPTP VPN server, and sending a malicious GRE frame through the data plane of the AP. A successful exploit could allow the attacker to cause an internal process of the targeted AP to crash, which in turn would cause the AP to reload. The AP reload would cause a DoS condition for clients that are associated with the AP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco Aironet APs crash and reload when processing malicious GRE frames during PPTP VPN connections, allowing unauthenticated remote DoS.
Vulnerability
The vulnerability resides in the PPTP VPN packet processing functionality of Cisco Aironet Access Points. The issue occurs due to insufficient validation of GRE frames passing through the data plane. Affected devices include various Cisco Aironet AP models running certain firmware versions. An attacker must associate with a vulnerable AP and initiate a PPTP VPN connection to an arbitrary PPTP VPN server, then send a malicious GRE frame through the data plane.
Exploitation
An unauthenticated, remote attacker can exploit this vulnerability without any prior authentication. The attacker needs to be within wireless range to associate with the AP. The exploit sequence: associate to the AP, initiate a PPTP VPN connection to any PPTP server (attacker-controlled or not), and then send a specially crafted GRE frame. This causes an internal process to crash, leading to AP reload.
Impact
Successful exploitation causes the AP to reload, resulting in a denial of service (DoS) condition for all clients associated with that AP. No data confidentiality or integrity is compromised, but availability is affected.
Mitigation
Cisco has released free software updates to address this vulnerability. Customers should upgrade to fixed firmware versions as indicated in the Cisco Security Advisory [1]. No workarounds are mentioned, but disabling PPTP VPN passthrough on the AP may mitigate risk, though not confirmed. The advisory provides instructions for obtaining updates.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: unspecified
- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-pptp-dosmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.