Executive Summary

Summary
Title Cisco Wireless LAN Controller Denial of Service Vulnerability
Informations
Name cisco-sa-20160420-bdos First vendor Publication 2016-04-20
Vendor Cisco Last vendor Modification 2016-04-20
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the Bonjour task manager of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to improper handling of Bonjour traffic by the affected software. An attacker could exploit this vulnerability by sending crafted Bonjour traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-bdos BEGIN PGP SIGNATURE Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXF4vlAAoJEK89gD3EAJB5clYP/01GkHljmtfoWydE9FD9FrAa /1gaCMs3t6XBpXZhC47V0ykYOLyW2I6eA7J28IIOa9Ujpqlxz2pIU3ptcBLGVVWm 1Zpjc2MWQF3v66DPtvfL7Wr0WZxaQXYN+WpXqcTOkDd2H+VlQRHMzKWYDfD57esy s9KL3gActveVDV/51tXHLXlob+9aaK4aeHzKr13GfrvL55k1T5Ea4670o03lqbN8 Dp7Smlu3MhowJEF/e4HOcBxKLZKrh44IX1M3KMkprvp8H60igP74atHgQg7ZwUym db4DqjMFsyXuMX8m8seGI851OsfxYUi5sRP51tAolBY3EGaWN/+kbI8FCp5l3UN9 Ezlwmfn7er8szbaJ3rzE2yLChyAyeNwL6+SSMhqTWvUfmmwmyP9/OHRGaO1S38tT OEELsiupGh0e/G2FVom/tqzm9KBK8IDWl+JgR2fRWgJjQQkGZoCFVzAGX+l+vXEF lYTlvt17JmXzcozEcndVtdOhOiQOFlOABr1Okor+e5vGKhVfC+9bYCq6hAU2fzH7 Wb5fb35cXXUoY7fJxmLwUodMyjEC/7ZueggmLgQlfyR75d6jnX+VPQXXBSamaaeP peb767C7f59ppK0PA4XMy6z8V0d741nQzJlHBWZci1tfnQvDy38NX1p/+HoLaEGS ERe2NvYmEe2Zt/vZl+b/ =wyDe END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 17

Snort® IPS/IDS

Date Description
2016-04-21 Cisco Wireless LAN Controller mDNS denial of service attempt
RuleID : 38590 - Revision : 1 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2016-05-04 Name : The remote device is missing vendor-supplied security patches.
File : cisco-sa-20160420-htrd-bdos-wlc.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2016-05-05 13:30:52
  • Multiple Updates
2016-04-27 09:42:08
  • Multiple Updates
2016-04-20 21:25:42
  • First insertion