Executive Summary
| Summary | |
|---|---|
| Title | Cisco Wireless LAN Controller Unauthorized Access Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20160113-wlc | First vendor Publication | 2016-01-13 |
| Vendor | Cisco | Last vendor Modification | 2016-01-13 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Devices running Cisco Wireless LAN Controller (WLC) software versions 7.6.120.0 or later, 8.0 or later, or 8.1 or later contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to modify the configuration of the device. An attacker who can connect to an affected device could exploit this vulnerability. A successful exploit may compromise the device completely. Customers are advised to upgrade to a version of Cisco WLC software that addresses this vulnerability. There are no workarounds that address this vulnerability. Cisco has released software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc BEGIN PGP SIGNATURE Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWlnyxAAoJEIpI1I6i1Mx35zgQALeiHWpOREIv4toqLN48hfLt mMMPAIeD7z1BNEvGkJagFoK1Uh8qoEl5sKbcT7/ZEh5eLktM+uVfRQLe0YQC+Pax WNSeItZqfz4uQbJd87UtljCogWLP9Qdw4t40NrAUMHthd0IQ8WQu2Y6CNi9Y8KCU E4X/mdT+oPHuUg8NNJrWgV0T0fYS8iNJmKekaU7jaH0XY0WRf7H1l6qQWw5MzshR 4F7o4nzvMQbDRV41kM0ARGyS/Z1VD6qSWGO0vN6cK2bg1YeTihxuWFyTxzcNbWkT xpEkiSDQOl9UgJsVRtUhLj2Ak1/qJLmZPhXE6O7dDzPAMtY+I7emEbL3vACg4O7T iEHhDSrD+IPqiOZlbrPQS40xTIppPGMI1N2tx18D8AlvJZKQehVbDnwW+XpWxGKa Z/X7ADPmhiSKiK1Cbje2EacXpVf6WspvlSi5XKOCHWQFOufDm3idxLCkA2mkju0P W6iU4vD0QhHlmfnvF4ilABGwfbqYCyllqGFVmkY+pNs8+JOBkN91aWPW0tGYrkPO v2WhYUJvKrlcatUenIP+ZnGtC0UiI7I2d1pq9Ec8Kq0k2fGoQ+DNDtBxqflmW8jU 8zTKkBIn7qa8GR08XNLdwcs5MVZ2VhRD0ad8B95OpqCPz/3f+p/9F5goo7IWJQL6 nrl9vr+8uOyun5kxJEes =51Lm END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-03-14 | Cisco WLAN Controller insecure configuration wizard access attempt RuleID : 38087 - Revision : 1 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-01-22 | Name : The remote device is missing a vendor-supplied security update. File : cisco-sa-20160113-wlc.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-02-11 08:49:06 |
|
| 2016-02-11 05:29:00 |
|
| 2016-02-11 00:29:20 |
|
| 2016-02-10 21:29:25 |
|
| 2016-02-10 17:29:05 |
|
| 2016-02-10 13:27:59 |
|
| 2016-02-10 09:29:02 |
|
| 2016-02-10 05:29:16 |
|
| 2016-02-10 00:29:17 |
|
| 2016-02-09 21:30:17 |
|
| 2016-02-09 17:30:25 |
|
| 2016-02-09 13:31:23 |
|
| 2016-01-23 13:25:18 |
|
| 2016-01-13 21:23:54 |
|
