Executive Summary
| Summary | |
|---|---|
| Title | Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20190417-wlc-iapp | First vendor Publication | 2019-04-17 |
| Vendor | Cisco | Last vendor Modification | 2019-04-17 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:A/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 6.1 | Attack Range | Adjacent network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 6.5 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple vulnerabilities in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerabilities exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerabilities by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJct1BaXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczNFIQAIgScAqjYa8j8nnP8kWatVhkOC2U H9TYXtLGKff3mMsKQCN12G6F+DngvYx/YuRUYfLPFXO54A2vimPQDdwE1G70vRQU bRR2FwP0M5vXIb3MGWVzf9AVtg+aPHjB6vcAfrkcZXdsQ8+IhFK3gvk2QMQ3tnv +9O9g+SAIWsJwc5ncf/4PgSopRKgaF7A89CKV8sUD6i5u6y28NMLaBi1j5fxRMXPW 7va2GpLP7/D/gLDYsu9FHRDu/wY6aaQKlvAbWfbwz4jbYJNBs/URiVybQT/lw2yO SNmH8V4ID02yesQKZAmWc1ApjjuQX/wqe08UV+pprl1qOvAocUz7HpgOu1TD+BPH 03Em6j16AFBq0rQqgekzpL568imN7J/YOXkZ0OtxKYHBH4f1BXX44S3lZsledmlI rnOnvbDg82dGcxc41IgYcJuHORCXsW2vUnW5XVJ4vj71coKIepXybtfMwSvkIJ9B fwcSY9WYcvADYHDurH748Uum7/ak6+6YEiXVhiHF9RKkHKRdFdcdkpwGzKYKtZq +Ho6Du4kmPO/5g8nnV8QSK6/j0r1g2bDWm+1mzuq9mk2OB1KqkxUxyE/FUJW2iogg ynYleUl0PYqGcCv1Xi/VhMAq58pyHqhEAhgCUF+P9+iJMD7Nb5t7Hhmi9JWJVdeZ 2uYJbjbGfyoR5rsP =gqke END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-05 | Cisco Wireless LAN Controller IAPP message denial of service attempt RuleID : 49879 - Revision : 1 - Type : SERVER-OTHER |
Alert History
| Date | Informations |
|---|---|
| 2020-12-05 21:23:46 |
|
| 2019-04-19 17:21:20 |
|
| 2019-04-18 17:18:37 |
|
