Executive Summary
Summary | |
---|---|
Title | Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20170405-wlc | First vendor Publication | 2017-04-05 |
Vendor | Cisco | Last vendor Modification | 2017-04-05 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.1 | Attack Range | Adjacent network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 6.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc"] BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJY5RT8ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHljGQ//aM3M/FaDJM/AnQzL HvYjDq/6+yHA6gyJZBah63faf/UKxd7a17aOFGRwE0Qn45Ig36orrkbtdq9UqiYF P4tJrTw18i7k2PJazSQZXJE/X5OEHsaz3KHvmIkeT6oN6nEMFnmLVo6TlY0rCAMV hY7ZqbNKFr5Pt/wdpqEbxOJl9++pN2kIkcZYJhQxnQ8UCjt3wB7ZyRGcmDdF4XxO Mjy+szi96qFyHSP2xPPhgBPcBOePohMyK7rd/4/UVzc/0m2Y0g3sCOYDgWn4vxQ/ ZgHcjxlsmmV6TGyUTP/J9olcwE+MIwx5HXRgiuvkR01jbeZ2eyguFTwgXXfUDvIF VuG3CDXyFk2XcG0aZZl/7HXFo7Ikb1OjVxLdX8Za4pi6fiatl3mofzjt1Dum+1t9 cZBm4OG67d43HBFTGYbeO6ZWkWfgUjWt1JYvvmdLoXmOoQxoG8+g7c05U3VzkUKK YH0fgI8UtVkrTUyvzA8tluKf42JOsgQC14sVxx647YdDWtio/VU5F7+5gzuFWGjh 9riUomQsEfNbCRConO9q+d/sPpdloJsfQBjWZPtnDXAOsXHgcrJ77CysvaWRKbnn OkVJD1kqHY5dUG+kogWAbPPboPspFbQaC6Ua6diipR9+EwF7el6PSML0izKmU5jv 1LLR9voA+EEY9PCe7ok0O1K9uVo= =HyFj END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-04-19 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20170405-wlc.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2017-04-20 13:24:14 |
|
2017-04-13 00:21:04 |
|
2017-04-07 00:24:30 |
|
2017-04-05 21:18:15 |
|