Executive Summary
| Summary | |
|---|---|
| Title | Cisco Wireless LAN Controller Denial of Service Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20160420-bdos | First vendor Publication | 2016-04-20 |
| Vendor | Cisco | Last vendor Modification | 2016-04-20 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in the Bonjour task manager of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Bonjour traffic by the affected software. An attacker could exploit this vulnerability by sending crafted Bonjour traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-bdos BEGIN PGP SIGNATURE Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXF4vlAAoJEK89gD3EAJB5clYP/01GkHljmtfoWydE9FD9FrAa /1gaCMs3t6XBpXZhC47V0ykYOLyW2I6eA7J28IIOa9Ujpqlxz2pIU3ptcBLGVVWm 1Zpjc2MWQF3v66DPtvfL7Wr0WZxaQXYN+WpXqcTOkDd2H+VlQRHMzKWYDfD57esy s9KL3gActveVDV/51tXHLXlob+9aaK4aeHzKr13GfrvL55k1T5Ea4670o03lqbN8 Dp7Smlu3MhowJEF/e4HOcBxKLZKrh44IX1M3KMkprvp8H60igP74atHgQg7ZwUym db4DqjMFsyXuMX8m8seGI851OsfxYUi5sRP51tAolBY3EGaWN/+kbI8FCp5l3UN9 Ezlwmfn7er8szbaJ3rzE2yLChyAyeNwL6+SSMhqTWvUfmmwmyP9/OHRGaO1S38tT OEELsiupGh0e/G2FVom/tqzm9KBK8IDWl+JgR2fRWgJjQQkGZoCFVzAGX+l+vXEF lYTlvt17JmXzcozEcndVtdOhOiQOFlOABr1Okor+e5vGKhVfC+9bYCq6hAU2fzH7 Wb5fb35cXXUoY7fJxmLwUodMyjEC/7ZueggmLgQlfyR75d6jnX+VPQXXBSamaaeP peb767C7f59ppK0PA4XMy6z8V0d741nQzJlHBWZci1tfnQvDy38NX1p/+HoLaEGS ERe2NvYmEe2Zt/vZl+b/ =wyDe END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-04-21 | Cisco Wireless LAN Controller mDNS denial of service attempt RuleID : 38590 - Revision : 1 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-05-04 | Name : The remote device is missing vendor-supplied security patches. File : cisco-sa-20160420-htrd-bdos-wlc.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-05-05 13:30:52 |
|
| 2016-04-27 09:42:08 |
|
| 2016-04-20 21:25:42 |
|
