Executive Summary

Summary
Title: Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability
Information
Name: cisco-sa-20170405-wlc
First vendor Publication: 2017-04-05
Vendor: Cisco
Last vendor Modification: 2017-04-05
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:A/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score: 6.1
Cvss Impact Score: 6.9
Cvss Exploit Score: 6.5
Attack Range: Adjacent network
Attack Complexity: Low
Authentication: None Required

Detail

A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc


Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

CPE : Common Platform Enumeration

Type Description Count
Application 36
Application 5
Application 7
Application 1
Application 1
Application 3

Nessus® Vulnerability Scanner

Date Description
2017-04-19 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20170405-wlc.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2017-04-20 13:24:14
  • Multiple Updates
2017-04-13 00:21:04
  • Multiple Updates
2017-04-07 00:24:30
  • Multiple Updates
2017-04-05 21:18:15
  • First insertion