Executive Summary

Summary
TitleCisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities
Informations
Namecisco-sa-20190417-wlc-iappFirst vendor Publication2019-04-17
VendorCiscoLast vendor Modification2019-04-17
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score6.1Attack RangeAdjacent network
Cvss Impact Score6.9Attack ComplexityLow
Cvss Expoit Score6.5AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

The vulnerabilities exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerabilities by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJct1BaXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczNFIQAIgScAqjYa8j8nnP8kWatVhkOC2U H9TYXtLGKff3mMsKQCN12G6F+DngvYx/YuRUYfLPFXO54A2vimPQDdwE1G70vRQU bRR2FwP0M5vXIb3MGWVzf9AVtg+aPHjB6vcAfrkcZXdsQ8+IhFK3gvk2QMQ3tnv +9O9g+SAIWsJwc5ncf/4PgSopRKgaF7A89CKV8sUD6i5u6y28NMLaBi1j5fxRMXPW 7va2GpLP7/D/gLDYsu9FHRDu/wY6aaQKlvAbWfbwz4jbYJNBs/URiVybQT/lw2yO SNmH8V4ID02yesQKZAmWc1ApjjuQX/wqe08UV+pprl1qOvAocUz7HpgOu1TD+BPH 03Em6j16AFBq0rQqgekzpL568imN7J/YOXkZ0OtxKYHBH4f1BXX44S3lZsledmlI rnOnvbDg82dGcxc41IgYcJuHORCXsW2vUnW5XVJ4vj71coKIepXybtfMwSvkIJ9B fwcSY9WYcvADYHDurH748Uum7/ak6+6YEiXVhiHF9RKkHKRdFdcdkpwGzKYKtZq +Ho6Du4kmPO/5g8nnV8QSK6/j0r1g2bDWm+1mzuq9mk2OB1KqkxUxyE/FUJW2iogg ynYleUl0PYqGcCv1Xi/VhMAq58pyHqhEAhgCUF+P9+iJMD7Nb5t7Hhmi9JWJVdeZ 2uYJbjbGfyoR5rsP =gqke END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

%idName
100 %CWE-399Resource Management Errors

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2019-04-19 17:21:20
  • Multiple Updates
2019-04-18 17:18:37
  • First insertion