All the vulnerabilites related to cisco - wireless_lan_controller
Vulnerability from fkie_nvd
Published
2013-08-30 20:55
Modified
2024-11-21 01:53
Severity ?
Summary
The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436."
},
{
"lang": "es",
"value": "El Web Administrator Interface en dispositivos Cisco Wireless LAN Controller (WLC) permite a los usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda del dispositivo), mediante el aprovechamiento de la pertenencia al grupo de gestores Full Manager, al grupo de gestores Read Only, o al grupo de gestores Lobby Ambassador, y el env\u00edo de una solicitud que (1) carece de valor en un par\u00e1metro o (2) contiene un par\u00e1metro con valor malformado, tambi\u00e9n conocido como Bug ID CSCuh14313, CSCuh14159, CSCuh14368, y CSCuh14436."
}
],
"id": "CVE-2013-3474",
"lastModified": "2024-11-21T01:53:41.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-30T20:55:08.647",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://osvdb.org/96763"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3474"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/62084"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1028970"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86811"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-12 01:59
Modified
2024-11-21 02:56
Severity ?
Summary
Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_software:8.0.72.140:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FFA694-78D1-48A6-BFAC-EB101A636AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "127638A2-6E17-4228-8681-89382AC8CE1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.1.59.24:*:*:*:*:*:*:*",
"matchCriteriaId": "296F88C9-6874-44E2-B9D1-B3E1989660FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.1.105.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C57126D-D6BE-4602-885C-04D7CCEE3FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.1.111.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D85E98B-4FAD-42B4-9A78-B5155992249E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.2.78.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2486222-1595-4FA2-80E8-8EE996C11CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.2.116.21:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A79CB6-6094-46AC-8574-FF6DC7FB592C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.2.150.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2A558875-504D-4D2F-BF48-F29ABCCF6840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.2.150.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C646C8-021E-4F3E-8580-C364A6FF6B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.2.171.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53DCF441-096D-444D-8995-FF71EC149471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.2.171.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16AB56C1-1DB9-454E-836B-8AA56C4309FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.2.185.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E918087-75F7-4742-B9B9-39FEE3A069A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.2.193.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7BD0A4A5-A9A4-46A9-BDE0-5203864D4E5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.2.195.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4B431407-D4A7-4A9A-8C9F-5E8C1D162149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.6.0e:*:*:*:*:*:*:*",
"matchCriteriaId": "1119C3DB-A423-46B8-8E21-558D3AE0F8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.108:*:*:*:*:*:*:*",
"matchCriteriaId": "E23E6B23-2DFC-4959-B69D-35B12A3674C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.155.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9E44A7-9C79-4937-B929-D7CD48969D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.155.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D91822EB-04F3-4590-9E74-C173D332FF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.179.8:*:*:*:*:*:*:*",
"matchCriteriaId": "328B192D-6070-46C9-9B5E-E2D19197516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.179.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEB928B-97EC-490F-A313-B565FB67C8D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.196:*:*:*:*:*:*:*",
"matchCriteriaId": "27C3E9DF-439E-4319-BFA3-14D756069FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.206.0:*:*:*:*:*:*:*",
"matchCriteriaId": "546C8A02-3C19-4AE8-98D6-D24342306764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.217.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D882A253-143C-4561-B0CA-209D48A995F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.219.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA48A99-0ED5-4FEB-8906-B68D4C5C702E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1.171.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81CC513E-95EA-4FA0-AD70-25C51155AD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1.181.0:*:*:*:*:*:*:*",
"matchCriteriaId": "272C20B5-3EA4-4AFD-ACD6-15A8ABA73C83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1.185.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11F235E4-673A-4EC4-98F6-423C68919AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "D16474F8-F7CC-445F-AB14-D8EB5CBB8A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.61.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A15A3CA-69E7-451D-AB84-43A6BBF17A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.99.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62424F6A-2D82-45C0-A7D3-540649DA5F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.112.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A17769C-A301-4BC9-A2B1-E442F78030C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.117.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2290101-AEFA-4C4F-B8CE-620BDE6EA3F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.130.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0947448E-D8C5-423D-BDF3-36BD29A83ABE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.173.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57C6B8CB-9277-463B-84EB-AEF36EE40E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.174.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DDBD9C2D-514C-44D3-ADCD-D6F80E50BEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.176.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A97D98B-6B3C-4AD1-8096-202E44F63B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.182.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C29D759-F433-42FB-ADA5-8FEA71085CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2_base:*:*:*:*:*:*:*",
"matchCriteriaId": "26E0529E-C01C-4916-984F-B83C91CE3099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.0.148.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAACE0C-DD44-4E81-ABEF-7896647CE8C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.0.148.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5140A4F1-713E-4478-B807-83D826DAA374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.151.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2143731F-749D-45ED-B2FE-A3893C5B1F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.152.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C860DDD-33C6-4CC9-B8D2-4E3C9884C445",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.160.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2230FF3-EE71-408A-B558-74AAD024F661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.2.157.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D513E4D8-B0A4-4C71-AD42-8EF9FE3E63B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.2.169.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60A2DB28-C42F-4E64-B0A2-63D83603D656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2FE92A-847A-459A-9407-1CB3A954B965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "9B50430F-82F1-42BF-A3BA-733D83BB30B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "B9657E7A-E366-48FB-A161-3CC8DD088D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2_base:*:*:*:*:*:*:*",
"matchCriteriaId": "B7DFEC44-189D-4125-88FF-77C291B072DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3.101.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7233C6A0-9674-4C6D-ACC0-CC654CF117C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3.103.8:*:*:*:*:*:*:*",
"matchCriteriaId": "38D00567-54C8-4135-9A96-C19893F661C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3.112:*:*:*:*:*:*:*",
"matchCriteriaId": "B703F93F-4E0D-4DCD-8997-FC9E48334899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3_base:*:*:*:*:*:*:*",
"matchCriteriaId": "4ED20104-D7CC-4563-BCD5-F87DAD568937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C069EB-29CB-4AF7-8886-D3EEBF0FFA60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB0B394-5DF5-4972-9463-43F39705DCD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.60:*:*:*:*:*:*:*",
"matchCriteriaId": "4D90CC27-03B4-4E8A-B7C7-31CF468CE9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D811122-DAD3-49F7-BF45-EB86A21C66AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.121.0:*:*:*:*:*:*:*",
"matchCriteriaId": "075749B7-8133-44B2-A9F6-8C57C1799088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4_base:*:*:*:*:*:*:*",
"matchCriteriaId": "490358BD-D4AC-41D9-954E-25D33A1D5545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.5.102.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2CAF56-E0D1-4056-A714-564D67D6A6AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.5.102.11:*:*:*:*:*:*:*",
"matchCriteriaId": "98D6FFA2-E82A-4E2F-89F4-F4CFFF6870A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.5_base:*:*:*:*:*:*:*",
"matchCriteriaId": "A1ED1088-C683-48DC-81D5-2545B353814A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.6.1.62:*:*:*:*:*:*:*",
"matchCriteriaId": "C36A1927-65E0-431E-B8AD-CDC18F199801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.6.100.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFFCE42-6068-49F7-A3F7-B3B76BD26AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.6.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D769AF88-EF56-4F23-AB6D-2BE1005011B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.6.120.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86F349D8-CC1E-4894-9810-6346646CB5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.6.130.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94C657F9-385D-430F-B1A8-6385B31D5B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8EFBBD-1E3C-4456-B5FF-F1A9B007BAD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.0.0.30220.385:*:*:*:*:*:*:*",
"matchCriteriaId": "0401FB45-2948-4167-91BA-42C18E472262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.0.100:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB28498-E77B-4929-9A46-8748CB4CE79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.0.115.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C57197A-7E0B-4975-ABA3-EF2E610C580B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.0.120.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0872E094-1332-4EBE-9B2D-DFC7B6B0585D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.0.121.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E48594C8-799E-4F04-8FA2-70F628555283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D61C08F-3F9A-4502-AED7-AC63C0045ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.1.104.37:*:*:*:*:*:*:*",
"matchCriteriaId": "8D6E21CB-D531-441F-82E6-485F064F53E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.1.111.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F785B0-45C2-4CF0-BCFF-9B8174D20D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.1.122.0:*:*:*:*:*:*:*",
"matchCriteriaId": "078F630B-225D-4AFF-8F4A-55711A42FA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.1.130.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CF7D77-656D-4745-AC84-78F9636EC5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_6.0:182.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAC9448E-EA9C-4280-A2E5-1556FE746A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_6.0:188.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37FDDF90-B234-4246-8AB7-3CF6F4E684E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_6.0:196.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B03732E-28C2-4E33-A705-B749C3897EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_6.0:199.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0A059B53-B23D-4F1A-BD78-35D3CE7537D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_6.0:202.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC22EE11-E2FF-4D37-9143-A742F5D0A6EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_7.0:98.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74AC084A-3D4C-402D-909C-FA7FEC086114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_7.0:98.218:*:*:*:*:*:*:*",
"matchCriteriaId": "9D11CC67-13EF-4BAD-A801-32719DAD2FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_7.0:116.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0429E0D-A260-4D20-8921-C1FB4C1F9BAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_7.0:220.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63B0F149-4EA4-48BA-BAF5-EF63F9E1C6DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_7.0:240.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3770B4-2062-4618-8CB0-C4C4F7995F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_7.0:250.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83BD8D6A-02B8-4DC3-971B-1D93065D09D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_7.0:252.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89723EEC-F0F6-4C6C-939B-8032AD8B37BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_7.1:91.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D31F2E-1D1C-4699-9004-69A22864518B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_7.2:103.0:*:*:*:*:*:*:*",
"matchCriteriaId": "866A85C2-81F7-45E0-9FA1-15EAAF87CC25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_7.4:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "947CF04B-D8F0-4ACD-AEA6-B994F4CEFA84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_7.4:1.54:*:*:*:*:*:*:*",
"matchCriteriaId": "B18C2D9A-F2B1-4607-BADD-E0BD0FC4347E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software_7.4:140.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6D299D-4ECF-4113-829E-E5DFB982EACF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221."
},
{
"lang": "es",
"value": "Dispositivos Cisco Wireless LAN Controller (WLC) en versiones anteriores a 8.0.140.0, 8.1.x y 8.2.x en versiones anteriores a 8.2.121.0 y 8.3.x en versiones anteriores a 8.3.102.0 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga del dispositivo) mediante el env\u00edo de paquetes Inter-Access Point Protocol (IAPP) manipulados y despu\u00e9s, el env\u00edo de peticiones de informaci\u00f3n de m\u00e9tricas de flujo de tr\u00e1fico (TSM) a trav\u00e9s de SNMP, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCuz40221."
}
],
"id": "CVE-2016-6375",
"lastModified": "2024-11-21T02:56:00.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-12T01:59:01.130",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-1"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/92712"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1036721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036721"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-05-04 03:24
Modified
2024-11-21 01:49
Severity ?
Summary
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:2000_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B6A979-5487-4ABF-AD66-522442D6DC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B6D315-BBA5-4C37-BB74-BD1ADCA77F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2106_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C58D0FC-9466-46D8-9292-110A502849AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2112_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A95FD5A-FCC2-42C8-91AD-2F8C823CBFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2125_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "584BBBE4-6E19-47BE-99B6-4370CEA91BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52A0DE1A-D1A2-4F5A-B237-4F53892775E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2504_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2B56FF-7F15-4926-A570-472BC675306F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97790CF3-F428-499C-A175-1DB8380432F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62DD77D6-9809-4B8B-A19F-1D10449C546F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4402_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E98007A4-43AC-40F6-9032-BB83B33B6E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4404_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "883A22D1-2529-49BB-92A4-0CE2C1F327C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:5500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA74EC6-0B2D-441A-8DDB-FFB736D0CF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:7500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D51BCAD1-576F-44A7-85CF-DF03363DBFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:8500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9BD1C8-10F8-4BA7-A883-42384A5EC1A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:airespace_4000_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "824C533A-2951-442A-86FD-BC90DAFEEBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507."
},
{
"lang": "es",
"value": "Cisco Wireless LAN Controller (WLC) no gestiona adecuadamente el consumo de recursos de las sesiones TELNET terminadas, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio haciendo muchas conexiones Telnet y acabando de forma inadecuada con las mismas, tambi\u00e9n conocido como Bug ID CSCug35507."
}
],
"id": "CVE-2013-1235",
"lastModified": "2024-11-21T01:49:10.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-04T03:24:41.720",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1235"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-22 19:55
Modified
2024-11-21 01:59
Severity ?
Summary
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCuf77821."
},
{
"lang": "es",
"value": "La interfaz web en dispositivos Cisco Wireless LAN Controller (WLC) no limita apropiadamente el uso de elementos IFRAME, lo cual facilita a atacantes remotos ejecutar ataques de clickjacking y otros ataques no especificados a trav\u00e9s de un sitio web manipulado, relacionado con un problema de \"cross-frame scripting (XFS)\", tambi\u00e9n conocido como Bug ID CSCuf77821."
}
],
"id": "CVE-2013-6698",
"lastModified": "2024-11-21T01:59:34.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-22T19:55:09.907",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6698"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-06 18:59
Modified
2024-11-21 03:00
Severity ?
Summary
A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:5.2.157.0:*:*:*:*:*:*:*",
"matchCriteriaId": "906F9233-7DEF-4742-9AF3-50B6C231A9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:5.2.169.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE9F19D-1701-40BC-A374-111B5F38BE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:6.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD7A5C2-6354-449D-B715-2E9FFDD2E6FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "3A1B0325-D287-4286-B7E9-DB148881D9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "D547FB25-6486-4A77-99E6-C8F8EA9D5407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.2_base:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE090AB-88B8-4A42-9CED-FF54B2C812E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.3.101.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1538A4DA-6D77-4289-B47C-9BE2C7BDC036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.3.103.8:*:*:*:*:*:*:*",
"matchCriteriaId": "04FDC2A1-F522-440B-9C5E-18729C0C34E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.3.112:*:*:*:*:*:*:*",
"matchCriteriaId": "DE292FF9-9674-4251-9EF3-AD4A4F9CCC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.3_base:*:*:*:*:*:*:*",
"matchCriteriaId": "B0782064-881F-4ADB-880A-E005AFFE5ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E6716-BBDC-43FB-8016-10281E360049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E98435C2-EAD9-45BE-AE9A-CD1499F4239F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.100.60:*:*:*:*:*:*:*",
"matchCriteriaId": "75473B22-A59F-471A-9DB8-8FA9FD504DC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12FD9D8F-2E52-4CA9-94BD-65F8B1FF26C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.121.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05AEADF2-9986-432A-8416-1D138C8C94D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4_base:*:*:*:*:*:*:*",
"matchCriteriaId": "246EDF05-FF4B-47FB-9A72-6417F239F0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.5.102.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FE2157-DE6C-4002-A209-091457BFA7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.5.102.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CB2EE4-565E-4EC0-978C-80738C5F8307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.5_base:*:*:*:*:*:*:*",
"matchCriteriaId": "ED69F11C-153E-442B-8F7C-57961A25AAEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.1.62:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D30E7A-4B2C-4A1E-B52C-C209757829F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.100.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB33D00D-7DCB-4150-9907-1365066F3767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9051AFDE-A519-4701-9AD5-CBA7AEE46B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.120.0:*:*:*:*:*:*:*",
"matchCriteriaId": "354D3747-A6AB-41AA-8DD4-C17C0461EF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.130.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE75C02-0E3E-4BA3-8E86-2FEA9EEB7E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EA1478-B988-4DD7-A937-FB91FB0DEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.0.30220.385:*:*:*:*:*:*:*",
"matchCriteriaId": "B467125C-5491-4066-A35A-891B78AD0A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.72.140:*:*:*:*:*:*:*",
"matchCriteriaId": "13FACACE-CF96-474D-BA3E-F289BD96CF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.100:*:*:*:*:*:*:*",
"matchCriteriaId": "0E439FF8-91DE-43E9-BE65-59BCEC52F3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.115.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B798E5A-E108-4465-BD2B-A2F4ADFDB363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.120.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97971195-3E04-4AC1-95BC-479CE2CAB389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.121.0:*:*:*:*:*:*:*",
"matchCriteriaId": "031A8A69-4E46-4EE5-B0A8-0A74E7C66A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B00858F6-C0AD-4822-9990-E0126AB43EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.104.37:*:*:*:*:*:*:*",
"matchCriteriaId": "B6528ED0-853F-4475-AAD7-7F9B5E0DFE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.111.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B83E372-CFD8-4DDD-80F7-E3128D0C5E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.122.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D5A815-BA48-43A5-8CD4-2E580B2CB0D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.130.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6129F0-5195-41AC-AFF3-50518B1ADB9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:182.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55746AD1-5C44-4144-BBE3-53F4D654E57A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:188.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A74E0159-DA37-4AC2-8AA3-D6FA83F0DFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:196.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B297FCF3-6FC4-4C0E-89A9-A760FF9A58CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:199.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F40022CC-A0AB-47EA-B089-9A3E66E49727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:202.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3D92BC-3052-4B3E-8152-ACFC8B507D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:98.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AEC6779-072A-43F2-AD75-9056D783B99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:98.218:*:*:*:*:*:*:*",
"matchCriteriaId": "88D96498-EF62-4B8E-AB8A-E326A306D473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:116.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BA2A940-A36F-4903-9A9D-DB0269D01C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:220.0:*:*:*:*:*:*:*",
"matchCriteriaId": "171F7669-64D7-4E1E-9766-86B5A1085B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:240.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCCD4C58-E8A6-470C-8324-CAD6F149C87F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:250.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97458DAB-1E88-4552-92D0-2C14B074E8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:252.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2040D-5969-48D8-89FE-53C30B1483A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.1:91.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6075E464-5D78-492A-B85F-1C053E9B8CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.2:103.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38F12EF1-A79E-446F-8A31-E188FF1C6B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.4:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "225D1199-74C7-4AAB-A434-F03DE0D57539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.4:1.54:*:*:*:*:*:*:*",
"matchCriteriaId": "25A6025A-6BE3-4BCF-A884-2EE630752459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.4:140.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B13ACDA7-F6C8-42E9-8748-14730F4D06D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353."
},
{
"lang": "es",
"value": "Una vulnerabilidad en 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software podr\u00eda permitir que un atacante no autenticado adyacente, provoque una condici\u00f3n de denegaci\u00f3n de servicio(DoS). La vulnerabilidad se debe a la validaci\u00f3n de entrada incompleta del encabezado de paquete 802.11 WME. Un atacante podr\u00eda explotar esta vulnerabilidad enviando marcos malformados WME 802.11 a un dispositivo de destino. Un exploit exitoso podr\u00eda permitir al atacante hacer que el WLC se recargue inesperadamente. Las versiones fijas son 8.0.140.0, 8.2.130.0, y 8.3.111.0. Cisco Bug IDs: CSCva86353."
}
],
"id": "CVE-2016-9194",
"lastModified": "2024-11-21T03:00:46.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-06T18:59:00.230",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97424"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1038182"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-07 17:59
Modified
2024-11-21 03:00
Severity ?
Summary
A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | 8.3.102.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.3.102.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5055381F-6060-469F-A7CD-26D8D5CBA833",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3)."
},
{
"lang": "es",
"value": "\"Una vulnerabilidad en RADIUS Change of Authorization (CoA) proceso de solicitud en el Cisco Wireless LAN Controller (WLC) podr\u00eda permitir a un atacante remoto no autenticado provocar una denegaci\u00f3n de servicio (DoS) desconectando una sola conexi\u00f3n. Esta vulnerabilidad afecta a Cisco Wireless LAN Controller ejecutando la versi\u00f3n de software 8.3.102.0. M\u00e1s informaci\u00f3n: CSCvb01835. Lanzamientos fijos conocidos: 8,4(1,49) 8,3(111,0) 8,3(108,0) 8,3(104,24) 8,3(102,3).\""
}
],
"id": "CVE-2016-9195",
"lastModified": "2024-11-21T03:00:46.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-07T17:59:00.183",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97425"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1038188"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-24 18:15
Modified
2024-11-21 05:31
Severity ?
Summary
A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | * | |
| cisco | 1111-4pwe | - | |
| cisco | 1111-8plteeawb | - | |
| cisco | 1111-8pwb | - | |
| cisco | 1113-8plteeawe | - | |
| cisco | 1113-8pmwe | - | |
| cisco | 1113-8pwe | - | |
| cisco | 1116-4plteeawe | - | |
| cisco | 1116-4pwe | - | |
| cisco | 1117-4plteeawe | - | |
| cisco | 1117-4pmlteeawe | - | |
| cisco | 1117-4pmwe | - | |
| cisco | 1117-4pwe | - | |
| cisco | aironet_1815 | - | |
| cisco | aironet_1830e | - | |
| cisco | aironet_1830i | - | |
| cisco | aironet_1850e | - | |
| cisco | aironet_1850i | - | |
| cisco | business_140ac | - | |
| cisco | business_145ac | - | |
| cisco | business_240ac | - | |
| cisco | business_access_points | * | |
| cisco | access_points | * | |
| cisco | catalyst_9800-40 | - | |
| cisco | catalyst_9800-80 | - | |
| cisco | catalyst_9800-cl | - | |
| cisco | catalyst_9800-l | - | |
| cisco | catalyst_9800-l-c | - | |
| cisco | catalyst_9800-l-f | - | |
| cisco | aironet_access_point_software | 8.5\(151.0\) | |
| cisco | aironet_access_point_software | 17.2.0.26 | |
| cisco | aironet_1850e | - | |
| cisco | aironet_1850i | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAC3262-0899-4F22-8EE7-27F35FB7276D",
"versionEndExcluding": "8.10.112.0",
"versionStartIncluding": "8.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:1111-4pwe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7262ADAB-296F-4DC2-9CD7-A86D7F6441C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1111-8plteeawb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "929A06B1-38F1-42F4-B179-D42B04506AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1111-8pwb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3056B31-1977-4472-BC74-19A5B8B5EC44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1113-8plteeawe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9261A638-E2E4-4EF0-84E9-A585BF763263",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1113-8pmwe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C85463D-0B37-4746-B7EA-80F3096305E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1113-8pwe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58C04E5B-AC03-440F-9007-0D6761B41F68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1116-4plteeawe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29A5E963-2987-4927-862A-6375624FC876",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1116-4pwe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3601499F-AD3B-47EA-816A-A01379CA1A33",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1117-4plteeawe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "303129EF-9107-4B39-8683-1BD917B3E68D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1117-4pmlteeawe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B2B271-555B-4439-95D8-086E516F1169",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1117-4pmwe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB321CD-9096-4F75-AD2F-4EAE1CA75D76",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1117-4pwe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F31C77-0303-4FD9-B968-6B430202C6AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1815:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BF9DDB-884D-47B5-A295-8BFA5207C412",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1830e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4590D445-B4B6-48E6-BF55-BEA6BA763410",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1830i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "848CC5CD-1982-4F31-A626-BD567E1C19F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24E47788-9B54-42C5-AD83-428B22674575",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A333CD0B-4729-4E64-8B52-A3F5138F5B70",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:business_140ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6331ADD0-9438-4095-84D4-4434C4782C60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:business_145ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19202724-5BEB-487C-98EA-F3B6924C52CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:business_240ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07135C18-DDB4-41F3-971F-A4FC38C99E26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78149144-CCF5-4C71-B22D-45261C4ACABC",
"versionEndExcluding": "10.1.1.0",
"versionStartIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B4ABE1-4F2F-478A-AA0E-8F293105FEBE",
"versionEndExcluding": "16.12.4a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF93F1C8-669F-4ECB-8D81-ECDA7B550175",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0BC769-C244-41BD-BE80-E67F4E1CDDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:aironet_access_point_software:8.5\\(151.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FDF08F54-1FD8-4542-9CA0-CCCBB686B62D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:aironet_access_point_software:17.2.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "35BF64F8-9B4F-460D-85A1-F1D57E7FD695",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24E47788-9B54-42C5-AD83-428B22674575",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A333CD0B-4729-4E64-8B52-A3F5138F5B70",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco Aironet Access Point (AP) Software, podr\u00eda permitir a un atacante remoto no autenticado causar la recarga de un dispositivo afectado.\u0026#xa0;La vulnerabilidad es debido a un manejo inapropiado de los clientes que est\u00e1n intentando conectarse al AP.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de peticiones de autenticaci\u00f3n de varios clientes hacia un dispositivo afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que el dispositivo afectado se recargue."
}
],
"id": "CVE-2020-3559",
"lastModified": "2024-11-21T05:31:18.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-24T18:15:21.997",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-h3DCuLXw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-h3DCuLXw"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-08 20:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=41249 | Vendor Advisory | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1033731 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=41249 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033731 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | 7.0\(240.0\) | |
| cisco | wireless_lan_controller | 7.3\(101.0\) | |
| cisco | wireless_lan_controller | 7.4\(1.19\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.0\\(240.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7EC23174-611B-4338-B298-4A68A0306637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.3\\(101.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "947375D8-F39C-4AA6-8909-BF69D01B3DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4\\(1.19\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6532B922-DE18-402C-A338-C6F22C81B2B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236."
},
{
"lang": "es",
"value": "Dispositivos Cisco Wireless LAN Controller (WLC) con software 7.0(240.0), 7.3(101.0) y 7.4(1.19), permite a atacantes remotos provocar una denegaci\u00f3n de servicio (interrupci\u00f3n del dispositivo) mediante el env\u00edo malformado del manejo de datos 802.11i a un punto de acceso gestionado, tambi\u00e9n conocido como Bug ID CSCub65236."
}
],
"id": "CVE-2015-6311",
"lastModified": "2024-11-21T02:34:45.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-08T20:59:03.380",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41249"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033731"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-02 16:29
Modified
2024-11-21 03:09
Severity ?
Summary
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials for an affected device could repeatedly poll the affected MIB object IDs (OIDs) and consume available memory on the device. When memory is sufficiently depleted on the device, the device will restart, resulting in a DoS condition. Cisco Bug IDs: CSCvc71674.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/101642 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1039712 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101642 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039712 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller_software | - | |
| cisco | wireless_lan_controller | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80814232-C66F-434C-B441-99133FFBD415",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6C4735-49D1-46CB-AED8-4DDFC5014FB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials for an affected device could repeatedly poll the affected MIB object IDs (OIDs) and consume available memory on the device. When memory is sufficiently depleted on the device, the device will restart, resulting in a DoS condition. Cisco Bug IDs: CSCvc71674."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el subsistema Simple Network Management Protocol (SNMP) de Cisco Wireless LAN Controllers podr\u00eda permitir que un atacante remoto autenticado provoque que el dispositivo afectado se reinicie, provocando una denegaci\u00f3n de servicio (DoS) en consecuencia. La vulnerabilidad se debe a una fuga de memoria que ocurre en un dispositivo afectado despu\u00e9s de que el dispositivo falle a la hora de desasignar un b\u00fafer que se utiliza cuando algunas MIB est\u00e1n encuestadas. Un atacante que conozca la cadena SNMP Read Versi\u00f3n 2 o tenga credenciales SNMP Versi\u00f3n 3 para un dispositivo afectado podr\u00eda encuestar repetidamente los ID de los objetos (OID) MIB afectados y consumir la memoria disponible en el dispositivo. Cuando la memoria se agota lo suficiente en el dispositivo, el dispositivo se reiniciar\u00e1, provocando una denegaci\u00f3n de servicio (DoS). Cisco Bug IDs: CSCvc71674."
}
],
"id": "CVE-2017-12278",
"lastModified": "2024-11-21T03:09:13.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.2,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-02T16:29:00.490",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101642"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039712"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-02 16:29
Modified
2024-11-21 03:09
Severity ?
Summary
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of fields in CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending crafted CAPWAP Discovery Request packets to an affected device. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb95842.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/101646 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1039723 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc3 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101646 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039723 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc3 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller_software | - | |
| cisco | wireless_lan_controller | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80814232-C66F-434C-B441-99133FFBD415",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6C4735-49D1-46CB-AED8-4DDFC5014FB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of fields in CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending crafted CAPWAP Discovery Request packets to an affected device. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb95842."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funcionalidad de an\u00e1lisis sint\u00e1ctico de Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request podr\u00eda permitir que un atacante remoto sin autenticar provoque que el dispositivo afectado se reinicie de manera inesperada, resultando en una denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a la validaci\u00f3n incompleta de los valores de entrada de los campos en los paquetes CAPWAP Discovery Request por parte del dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando paquetes CAPWAP Discovery Request manipulados al dispositivo afectado. Si se explota con \u00e9xito, podr\u00eda permitir que el atacante consiga que el dispositivo afectado se reinicie de manera inesperada, provocando una denegaci\u00f3n de servicio. Cisco Bug IDs: CSCvb95842."
}
],
"id": "CVE-2017-12280",
"lastModified": "2024-11-21T03:09:13.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-02T16:29:00.567",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101646"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039723"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc3"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-06 11:55
Modified
2024-11-21 02:02
Severity ?
Summary
Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller_software | 7.2 | |
| cisco | wireless_lan_controller_software | 7.2.103.0 | |
| cisco | wireless_lan_controller_software | 7.2.110.0 | |
| cisco | wireless_lan_controller_software | 7.3 | |
| cisco | wireless_lan_controller_software | 7.3.101.0 | |
| cisco | wireless_lan_controller_software | 7.4.100.0 | |
| cisco | wireless_lan_controller_software | 7.4.100.60 | |
| cisco | wireless_lan_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41B7499D-75A9-46A9-9129-BCD18533B21F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.103.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EECAA5-5D9F-4696-8DFB-6F1C3D5E7984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4F9E21-A0AB-4E18-B3E6-13DE2206974C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CCF4BD-4C5D-41BB-932C-52B428270B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3.101.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7233C6A0-9674-4C6D-ACC0-CC654CF117C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D160CAC1-B873-4A78-A50B-5B3FAB6EEDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.60:*:*:*:*:*:*:*",
"matchCriteriaId": "4D90CC27-03B4-4E8A-B7C7-31CF468CE9B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929."
},
{
"lang": "es",
"value": "Los dispositivos de Cisco Wireless LAN Controller (WLC) 7.2 anterior a 7.2.115.2, 7.3 y 7.4 anterior a 7.4.110.0 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio de dispositivo) a trav\u00e9s de una trama Ethernet 802.11 manipulada, tambi\u00e9n conocido como Bug ID CSCue87929."
}
],
"id": "CVE-2014-0706",
"lastModified": "2024-11-21T02:02:40.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-06T11:55:05.413",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-18 01:29
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/108008 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108008 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | * | |
| cisco | wireless_lan_controller_software | * | |
| cisco | wireless_lan_controller_software | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A28D5120-C4D9-444D-A835-53D70D76306E",
"versionEndExcluding": "8.2.170.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1677D8-F3C2-436F-B2FA-2748F5561253",
"versionEndExcluding": "8.5.150.0",
"versionStartIncluding": "8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6C3D90-661F-4909-8074-DBE842EB038D",
"versionEndExcluding": "8.8.100.0",
"versionStartIncluding": "8.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el manejo de los mensajes de Inter-Access Point Protocol (IAPP) por parte del programa Wireless LAN Controller (WLC) de Cisco, podr\u00eda permitir que un atacante adyacente no autenticado cause una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad existe porque el programa valida incorrectamente la entrada en los campos dentro de los mensajes IAPP. Un atacante podr\u00eda explotar la vulnerabilidad enviando mensajes IAPP maliciosos a un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante hacer que el programa WLC de Cisco se vuelva a cargar, lo que resultar\u00eda en una condici\u00f3n DoS. Las versiones de software anteriores a 8.2.170.0, 8.5.150.0 y 8.8.100.0 est\u00e1n afectadas."
}
],
"id": "CVE-2019-1800",
"lastModified": "2024-11-21T04:37:24.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-18T01:29:02.733",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108008"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-06 11:55
Modified
2024-11-21 02:02
Severity ?
Summary
Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller_software | 7.4.100.0 | |
| cisco | wireless_lan_controller_software | 7.4.100.60 | |
| cisco | wireless_lan_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D160CAC1-B873-4A78-A50B-5B3FAB6EEDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.60:*:*:*:*:*:*:*",
"matchCriteriaId": "4D90CC27-03B4-4E8A-B7C7-31CF468CE9B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202."
},
{
"lang": "es",
"value": "Los dispositivos de Cisco Wireless LAN Controller (WLC) 7.4 anterior a 7.4.110.0 distribuyen software Aironet IOS con una condici\u00f3n de carrera en el estado del servidor HTTP administrativo, lo que permite a atacantes remotos evadir restricciones de acceso mediante la conexi\u00f3n a un punto de acceso Aironet en que este servidor no ha sido efectivamente deshabilitado, tambi\u00e9n conocido como Bug ID CSCuf66202."
}
],
"id": "CVE-2014-0703",
"lastModified": "2024-11-21T02:02:40.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-06T11:55:05.333",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-06 11:55
Modified
2024-11-21 02:02
Severity ?
Summary
The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug ID CSCuh74233.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller_software | 7.2 | |
| cisco | wireless_lan_controller_software | 7.2.103.0 | |
| cisco | wireless_lan_controller_software | 7.2.110.0 | |
| cisco | wireless_lan_controller_software | 7.3 | |
| cisco | wireless_lan_controller_software | 7.3.101.0 | |
| cisco | wireless_lan_controller_software | 7.4.100.0 | |
| cisco | wireless_lan_controller_software | 7.4.100.60 | |
| cisco | wireless_lan_controller_software | 7.5 | |
| cisco | wireless_lan_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41B7499D-75A9-46A9-9129-BCD18533B21F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.103.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EECAA5-5D9F-4696-8DFB-6F1C3D5E7984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4F9E21-A0AB-4E18-B3E6-13DE2206974C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CCF4BD-4C5D-41BB-932C-52B428270B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3.101.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7233C6A0-9674-4C6D-ACC0-CC654CF117C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D160CAC1-B873-4A78-A50B-5B3FAB6EEDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.60:*:*:*:*:*:*:*",
"matchCriteriaId": "4D90CC27-03B4-4E8A-B7C7-31CF468CE9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "58713067-9185-4B92-97A1-4D98AFF4A8BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug ID CSCuh74233."
},
{
"lang": "es",
"value": "El servicio Multicast Listener Discovery (MLD) en los dispositivos de Cisco Wireless LAN Controller (WLC) 7.2, 7.3, 7.4 anterior a 7.4.121.0 y 7.5, cuando MLDv2 Snooping est\u00e1 habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio de dispositivo) a trav\u00e9s de un paquete IPv6 MLDv2 malformado, tambi\u00e9n conocido como Bug ID CSCuh74233."
}
],
"id": "CVE-2014-0705",
"lastModified": "2024-11-21T02:02:40.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-06T11:55:05.380",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-06 18:59
Modified
2024-11-21 03:00
Severity ?
Summary
A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. This vulnerability affects Cisco Wireless LAN Controller (WLC) running software version 8.2.121.0 or 8.3.102.0. Cisco Bug IDs: CSCva98592.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller_firmware | 8.2.121.0 | |
| cisco | wireless_lan_controller_software | 8.3.102.0 | |
| cisco | wireless_lan_controller | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_firmware:8.2.121.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8182306A-FB75-40B2-B17E-2C8C8FBFAA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.3.102.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6157D8A-AFA1-4B71-8089-7812E9D6A64F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6C4735-49D1-46CB-AED8-4DDFC5014FB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. This vulnerability affects Cisco Wireless LAN Controller (WLC) running software version 8.2.121.0 or 8.3.102.0. Cisco Bug IDs: CSCva98592."
},
{
"lang": "es",
"value": "Una vulnerabilidad con procesamiento de paquetes de entrada IPv6 UDP en el software Cisco Wireless LAN Controller (WLC) podr\u00eda permitir a un atacante remoto no autenticado provocar una recarga inesperada del dispositivo. La vulnerabilidad se debe a la validaci\u00f3n incompleta del encabezado IPv6 UDP. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un paquete IPv6 UDP manipulado a un puerto espec\u00edfico del dispositivo de destino.Un exploit podr\u00eda permitir al atacante afectar la disponibilidad del dispositivo, ya que podr\u00eda volver a cargarse de forma inesperada. Esta vulnerabilidad afecta a Cisco Wireless LAN Controller (WLC) running software versi\u00f3n 8.2.121.0 o 8.3.102.0. Cisco Bug IDs: CSCva98592."
}
],
"id": "CVE-2016-9219",
"lastModified": "2024-11-21T03:00:49.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-06T18:59:00.260",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97423"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1038183"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-03 11:04
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la interfaz de administraci\u00f3n en dispositivos Cisco Wireless LAN Controller (WLC) permite a atacantes remotos inyectar script web arbitrario o HTML a trav\u00e9s de una URL manipulada, aka Bug ID CSCuf77810."
}
],
"id": "CVE-2013-5519",
"lastModified": "2024-11-21T01:57:37.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-03T11:04:43.540",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://osvdb.org/98083"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55171"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5519"
},
{
"source": "ykramarz@cisco.com",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31112"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/62787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/98083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62787"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-28 23:55
Modified
2024-11-21 01:48
Severity ?
Summary
The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD3A7794-B828-4CFB-8AE9-5B1E94987E9D",
"versionEndIncluding": "7.4.1.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "619CA2B5-7CD2-4124-B512-792CAC176FE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD5A5BFF-E062-4663-B96C-D40DFF899EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:3.2.116.21:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A79CB6-6094-46AC-8574-FF6DC7FB592C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44884968-081D-4F6B-A325-74D5466052A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.108:*:*:*:*:*:*:*",
"matchCriteriaId": "E23E6B23-2DFC-4959-B69D-35B12A3674C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.155.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9E44A7-9C79-4937-B929-D7CD48969D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.155.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D91822EB-04F3-4590-9E74-C173D332FF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.179.8:*:*:*:*:*:*:*",
"matchCriteriaId": "328B192D-6070-46C9-9B5E-E2D19197516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.179.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEB928B-97EC-490F-A313-B565FB67C8D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.196:*:*:*:*:*:*:*",
"matchCriteriaId": "27C3E9DF-439E-4319-BFA3-14D756069FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.206.0:*:*:*:*:*:*:*",
"matchCriteriaId": "546C8A02-3C19-4AE8-98D6-D24342306764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.217.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D882A253-143C-4561-B0CA-209D48A995F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.219.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA48A99-0ED5-4FEB-8906-B68D4C5C702E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3A8DBB-9E82-4428-9034-391F662DFA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1.171.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81CC513E-95EA-4FA0-AD70-25C51155AD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1.181.0:*:*:*:*:*:*:*",
"matchCriteriaId": "272C20B5-3EA4-4AFD-ACD6-15A8ABA73C83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1.185.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11F235E4-673A-4EC4-98F6-423C68919AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1m:*:*:*:*:*:*:*",
"matchCriteriaId": "7701D5E7-9264-4A34-9467-9AB3CA5E4A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1E1F40-ECB6-42FB-838E-998B1893D5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.61.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A15A3CA-69E7-451D-AB84-43A6BBF17A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.99.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62424F6A-2D82-45C0-A7D3-540649DA5F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.112.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A17769C-A301-4BC9-A2B1-E442F78030C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.117.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2290101-AEFA-4C4F-B8CE-620BDE6EA3F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.130.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0947448E-D8C5-423D-BDF3-36BD29A83ABE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.173.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57C6B8CB-9277-463B-84EB-AEF36EE40E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.174.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DDBD9C2D-514C-44D3-ADCD-D6F80E50BEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.176.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A97D98B-6B3C-4AD1-8096-202E44F63B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.182.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C29D759-F433-42FB-ADA5-8FEA71085CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2m:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3F13F4-0E96-490D-9DA0-8B22595E9BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA75092-5306-45F5-AEB5-67A2224FFDCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.0.148.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAACE0C-DD44-4E81-ABEF-7896647CE8C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.0.148.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5140A4F1-713E-4478-B807-83D826DAA374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68625A20-073A-4AC9-8C46-BCE07B185D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.151.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2143731F-749D-45ED-B2FE-A3893C5B1F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.152.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C860DDD-33C6-4CC9-B8D2-4E3C9884C445",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.160.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2230FF3-EE71-408A-B558-74AAD024F661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1511CA9-B471-49D6-9BEE-1BADE6EC61E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.2.157.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D513E4D8-B0A4-4C71-AD42-8EF9FE3E63B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.2.169.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60A2DB28-C42F-4E64-B0A2-63D83603D656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "593615BB-EDEC-4267-9D6A-B67E89BB0BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0.182.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F555475A-7ED8-45DD-93C5-BC3BFA07851B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0.188.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA820A1-1E44-43E5-B80A-446608697558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0.196.0:*:*:*:*:*:*:*",
"matchCriteriaId": "983D3154-58C0-4994-AFD3-FCCCE607E66C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0.199.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18E87542-257E-4C75-87DB-CD56416F7524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0.199.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B6862C9D-2683-4BDC-B78E-537785F291C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B84AFFD-117A-4E7C-8F2C-01DF5DE4EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.98.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1855D021-7914-4862-B613-97F6664AE33F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.220.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C89ACF8-7D47-48A9-A6B5-C2250D52D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.235.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80F455BF-C909-4FF9-8F0B-A47AE790A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D96188C-F969-46A4-9600-D64FB8123031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.1.91.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4159EF-C069-4738-9494-EB19CC51F148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41B7499D-75A9-46A9-9129-BCD18533B21F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.103.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EECAA5-5D9F-4696-8DFB-6F1C3D5E7984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4F9E21-A0AB-4E18-B3E6-13DE2206974C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CCF4BD-4C5D-41BB-932C-52B428270B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3.101.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7233C6A0-9674-4C6D-ACC0-CC654CF117C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153."
},
{
"lang": "es",
"value": "La funcionalidad mDNS snooping en Cisco Wireless LAN Controller (WLC) los dispositivos con software v7.4.1.54 y anteriores no gestionar adecuadamente buffers, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de paquetes mDNS artesanales, ID de error alias CSCue04153 ."
}
],
"id": "CVE-2013-1141",
"lastModified": "2024-11-21T01:48:58.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-28T23:55:01.287",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1141"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28417"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-06 11:55
Modified
2024-11-21 02:02
Severity ?
Summary
Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller_software | 7.0 | |
| cisco | wireless_lan_controller_software | 7.0.220.0 | |
| cisco | wireless_lan_controller_software | 7.0.235.0 | |
| cisco | wireless_lan_controller_software | 7.2 | |
| cisco | wireless_lan_controller_software | 7.2.103.0 | |
| cisco | wireless_lan_controller_software | 7.2.110.0 | |
| cisco | wireless_lan_controller_software | 7.3 | |
| cisco | wireless_lan_controller_software | 7.3.101.0 | |
| cisco | wireless_lan_controller_software | 7.4.100.0 | |
| cisco | wireless_lan_controller_software | 7.4.100.60 | |
| cisco | wireless_lan_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B84AFFD-117A-4E7C-8F2C-01DF5DE4EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.220.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C89ACF8-7D47-48A9-A6B5-C2250D52D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.235.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80F455BF-C909-4FF9-8F0B-A47AE790A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41B7499D-75A9-46A9-9129-BCD18533B21F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.103.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EECAA5-5D9F-4696-8DFB-6F1C3D5E7984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4F9E21-A0AB-4E18-B3E6-13DE2206974C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CCF4BD-4C5D-41BB-932C-52B428270B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3.101.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7233C6A0-9674-4C6D-ACC0-CC654CF117C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D160CAC1-B873-4A78-A50B-5B3FAB6EEDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.60:*:*:*:*:*:*:*",
"matchCriteriaId": "4D90CC27-03B4-4E8A-B7C7-31CF468CE9B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55F7994A-E87E-4FDC-B054-11EAC0E7A0DC",
"versionEndIncluding": "-",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361."
},
{
"lang": "es",
"value": "Los dispositivos de Cisco Wireless LAN Controller (WLC) 7.0 anterior a 7.0.250.0, 7.2, 7.3 y 7.4 anterior a 7.4.110.0 no desasignan debidamente memoria, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio) mediante el env\u00edo de solicitudes de inicio WebAuth a una tasa elevada, tambi\u00e9n conocido como Bug ID CSCuf52361."
}
],
"id": "CVE-2014-0701",
"lastModified": "2024-11-21T02:02:39.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-06T11:55:05.317",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-06 11:55
Modified
2024-11-21 02:02
Severity ?
Summary
Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller_software | 7.2 | |
| cisco | wireless_lan_controller_software | 7.2.103.0 | |
| cisco | wireless_lan_controller_software | 7.2.110.0 | |
| cisco | wireless_lan_controller_software | 7.3 | |
| cisco | wireless_lan_controller_software | 7.3.101.0 | |
| cisco | wireless_lan_controller_software | 7.4.100.0 | |
| cisco | wireless_lan_controller_software | 7.4.100.60 | |
| cisco | wireless_lan_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41B7499D-75A9-46A9-9129-BCD18533B21F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.103.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EECAA5-5D9F-4696-8DFB-6F1C3D5E7984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4F9E21-A0AB-4E18-B3E6-13DE2206974C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CCF4BD-4C5D-41BB-932C-52B428270B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3.101.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7233C6A0-9674-4C6D-ACC0-CC654CF117C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D160CAC1-B873-4A78-A50B-5B3FAB6EEDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.60:*:*:*:*:*:*:*",
"matchCriteriaId": "4D90CC27-03B4-4E8A-B7C7-31CF468CE9B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681."
},
{
"lang": "es",
"value": "Los dispositivos de Cisco Wireless LAN Controller (WLC) 7.2, 7.3 y 7.4 anterior a 7.4.110.0 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio de dispositivo) a trav\u00e9s de una trama Ethernet 802.11 manipulada, tambi\u00e9n conocido como Bug ID CSCuf80681."
}
],
"id": "CVE-2014-0707",
"lastModified": "2024-11-21T02:02:40.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-06T11:55:05.427",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-24 18:15
Modified
2024-11-21 05:31
Severity ?
Summary
A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAC3262-0899-4F22-8EE7-27F35FB7276D",
"versionEndExcluding": "8.10.112.0",
"versionStartIncluding": "8.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E903427-F63E-4E51-AC2D-96A707261DEE",
"versionEndExcluding": "8.5.161.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E7FBB2-4D72-47E2-84A2-AF8FE3CCE876",
"versionEndExcluding": "8.8.130.0",
"versionStartIncluding": "8.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:1111-4pwe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7262ADAB-296F-4DC2-9CD7-A86D7F6441C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1111-8plteeawb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "929A06B1-38F1-42F4-B179-D42B04506AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1111-8pwb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3056B31-1977-4472-BC74-19A5B8B5EC44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1113-8plteeawe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9261A638-E2E4-4EF0-84E9-A585BF763263",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1113-8pmwe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C85463D-0B37-4746-B7EA-80F3096305E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1113-8pwe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58C04E5B-AC03-440F-9007-0D6761B41F68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1116-4plteeawe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29A5E963-2987-4927-862A-6375624FC876",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1116-4pwe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3601499F-AD3B-47EA-816A-A01379CA1A33",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1117-4plteeawe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "303129EF-9107-4B39-8683-1BD917B3E68D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1117-4pmlteeawe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B2B271-555B-4439-95D8-086E516F1169",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1117-4pmwe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB321CD-9096-4F75-AD2F-4EAE1CA75D76",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1117-4pwe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F31C77-0303-4FD9-B968-6B430202C6AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB7510-2741-464A-8FC9-8419985E330F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE916B2-CAAD-4508-A47E-A7D4D88B077A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D717945-EE41-4D0F-86EF-90826EBE9C3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99EAEA92-6589-4DFB-BC4B-8CBA425452D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D27AB201-342D-4517-9E05-6088598F4695",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1815:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BF9DDB-884D-47B5-A295-8BFA5207C412",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1830e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4590D445-B4B6-48E6-BF55-BEA6BA763410",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1830i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "848CC5CD-1982-4F31-A626-BD567E1C19F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24E47788-9B54-42C5-AD83-428B22674575",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A333CD0B-4729-4E64-8B52-A3F5138F5B70",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "098A82FF-95F7-416A-BADD-C57CE81ACD32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD1D5813-9223-4B3F-9DE2-F3EF854FC927",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10D7583E-2B61-40F1-B9A6-701DA08F8CDF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "945DDBE7-6233-416B-9BEE-7029F047E298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED89428-750C-4C26-B2A1-E3D63F8B3F44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4D8A4CB-5B80-4332-BCBC-DA18AD94D215",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:business_140ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6331ADD0-9438-4095-84D4-4434C4782C60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:business_145ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19202724-5BEB-487C-98EA-F3B6924C52CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:business_240ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07135C18-DDB4-41F3-971F-A4FC38C99E26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3CCCFE-88CC-4F7B-8958-79CA62516EA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4081C532-3B10-4FBF-BB22-5BA17BC6FCF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9117:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCE2220-E2E6-4A17-9F0A-2C927FAB4AA5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A47C2D6F-8F90-4D74-AFE1-EAE954021F46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1C8E35A-5A9B-4D56-A753-937D5CFB5B19",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_iw6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C559D6F7-B432-4A2A-BE0E-9697CC412C70",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:esw-6300-con-x-k9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3625BC-9003-4E07-B4EA-EB44CADDD6B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78149144-CCF5-4C71-B22D-45261C4ACABC",
"versionEndExcluding": "10.1.1.0",
"versionStartIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B4ABE1-4F2F-478A-AA0E-8F293105FEBE",
"versionEndExcluding": "16.12.4a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF93F1C8-669F-4ECB-8D81-ECDA7B550175",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0BC769-C244-41BD-BE80-E67F4E1CDDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:aironet_access_point_software:8.5\\(154.27\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7F7E9751-8192-4418-89BE-58D83E1BC2F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:aironet_access_point_software:8.8\\(125.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8CBF1E5E-E88B-46EA-AF9A-A52B9CF84273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:aironet_access_point_software:8.10\\(105.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2C522D2E-422A-47E9-884B-708E4F4BF203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:aironet_access_point_software:8.10\\(105.4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "50089912-8D92-4A0F-83C6-2C9BB3B7CF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:aironet_access_point_software:17.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A94467F-9120-4165-832C-292F343AD65A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:aironet_access_point_software:17.1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9301B023-A2C5-4DAD-9A05-FDE751AF3C41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:aironet_access_point_software:17.2.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "E600825D-4984-488E-BF44-89816CAB6869",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24E47788-9B54-42C5-AD83-428B22674575",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A333CD0B-4729-4E64-8B52-A3F5138F5B70",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco Aironet Access Points (APs), podr\u00eda permitir a un atacante remoto no autenticado causar una denegaci\u00f3n de servicio (DoS) en un dispositivo afectado.\u0026#xa0;La vulnerabilidad es debido a una gesti\u00f3n inapropiada de los recursos al procesar paquetes espec\u00edficos.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una serie de paquetes UDP dise\u00f1ados hacia un puerto espec\u00edfico en un dispositivo afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante romper la conexi\u00f3n entre el AP y el controlador de LAN inal\u00e1mbrico, resultando que el dispositivo afectado no sea capaz de procesar el tr\u00e1fico del cliente, o causar que el dispositivo vulnerable se recargue, desencadenando en una condici\u00f3n DoS.\u0026#xa0;Despu\u00e9s del ataque, el dispositivo afectado deber\u00eda recuperar autom\u00e1ticamente sus funciones normales sin intervenci\u00f3n manual."
}
],
"id": "CVE-2020-3560",
"lastModified": "2024-11-21T05:31:19.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-24T18:15:22.137",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-02 16:29
Modified
2024-11-21 03:09
Severity ?
Summary
A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11v BSS Transition Management Response packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb57803.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/101657 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1039713 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101657 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039713 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller_software | - | |
| cisco | wireless_lan_controller | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80814232-C66F-434C-B441-99133FFBD415",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6C4735-49D1-46CB-AED8-4DDFC5014FB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11v BSS Transition Management Response packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb57803."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad 802.11v Basic Service Set (BSS) Transition Management en Cisco Wireless LAN Controllers podr\u00eda permitir que un atacante adyacente sin autenticar provoque que el dispositivo afectado se reinicie de manera inesperada, resultando en una denegaci\u00f3n de servicio (DoS). La vulnerabilidad se debe a una validaci\u00f3n insuficiente de los valores entrantes de los paquetes 802.11v de BSS Transition Management Response que un dispositivo afectado recibe de los clientes inal\u00e1mbricos. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un paquete 802.11v BSS Transition Management Response mal formado a un dispositivo afectado. Si se explota con \u00e9xito, podr\u00eda permitir que el atacante consiga que el dispositivo afectado se reinicie de manera inesperada, provocando una denegaci\u00f3n de servicio. Cisco Bug IDs: CSCvb57803."
}
],
"id": "CVE-2017-12275",
"lastModified": "2024-11-21T03:09:12.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-02T16:29:00.363",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101657"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039713"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-18 01:29
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/108008 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108008 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | * | |
| cisco | wireless_lan_controller_software | * | |
| cisco | wireless_lan_controller_software | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A28D5120-C4D9-444D-A835-53D70D76306E",
"versionEndExcluding": "8.2.170.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D14C7BFB-7646-4A13-A1C1-ED99B72DFB67",
"versionEndExcluding": "8.5.150.0",
"versionStartIncluding": "8.3.143.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8FDD1D-5BCA-44F9-8447-9E1AAD741E5D",
"versionEndExcluding": "8.8.100.0",
"versionStartIncluding": "8.7.106.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el manejo de mensajes de Protocolo Inter-Access Point (IAPP) para el software Wireless LAN Controller (WLC) de Cisco, podr\u00eda permitir que un atacante no identificado, localmente causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad existe porque el software comprueba incorrectamente la entrada en los campos dentro de los mensajes IAPP. Un atacante podr\u00eda aprovechar la vulnerabilidad enviando mensajes IAPP maliciosos a un dispositivo afectado. Una operaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante hiciera que el software WLC de Cisco recargue, resultando en una condici\u00f3n DoS. Las versiones de software anteriores a 8.2.170.0, 8.5.150.0 y 8.8.100.0 se ven afectadas."
}
],
"id": "CVE-2019-1796",
"lastModified": "2024-11-21T04:37:24.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-18T01:29:02.470",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108008"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-24 18:15
Modified
2024-11-21 05:31
Severity ?
Summary
A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | * | |
| cisco | aironet_1542d | - | |
| cisco | aironet_1542i | - | |
| cisco | aironet_1562d | - | |
| cisco | aironet_1562e | - | |
| cisco | aironet_1562i | - | |
| cisco | aironet_1810 | - | |
| cisco | aironet_1815 | - | |
| cisco | aironet_1830e | - | |
| cisco | aironet_1830i | - | |
| cisco | aironet_1840 | - | |
| cisco | aironet_1850e | - | |
| cisco | aironet_1850i | - | |
| cisco | aironet_2800e | - | |
| cisco | aironet_2800i | - | |
| cisco | aironet_3800e | - | |
| cisco | aironet_3800i | - | |
| cisco | aironet_3800p | - | |
| cisco | aironet_4800 | - | |
| cisco | business_access_points | * | |
| cisco | access_points | * | |
| cisco | catalyst_9800-40 | - | |
| cisco | catalyst_9800-80 | - | |
| cisco | catalyst_9800-cl | - | |
| cisco | catalyst_9800-l | - | |
| cisco | catalyst_9800-l-c | - | |
| cisco | catalyst_9800-l-f | - | |
| cisco | aironet_access_point_software | 8.10\(1.255\) | |
| cisco | aironet_1850e | - | |
| cisco | aironet_1850i | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8EFE8F9-5E37-42DF-8658-574A5D9ECC6D",
"versionEndExcluding": "8.10.105.0",
"versionStartIncluding": "8.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB7510-2741-464A-8FC9-8419985E330F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE916B2-CAAD-4508-A47E-A7D4D88B077A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D717945-EE41-4D0F-86EF-90826EBE9C3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99EAEA92-6589-4DFB-BC4B-8CBA425452D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D27AB201-342D-4517-9E05-6088598F4695",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36F923CF-D4EB-48F8-821D-8BB3A69ABB62",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1815:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BF9DDB-884D-47B5-A295-8BFA5207C412",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1830e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4590D445-B4B6-48E6-BF55-BEA6BA763410",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1830i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "848CC5CD-1982-4F31-A626-BD567E1C19F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A69CA9D6-914D-436F-AA81-B218CC312D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24E47788-9B54-42C5-AD83-428B22674575",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A333CD0B-4729-4E64-8B52-A3F5138F5B70",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "098A82FF-95F7-416A-BADD-C57CE81ACD32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD1D5813-9223-4B3F-9DE2-F3EF854FC927",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10D7583E-2B61-40F1-B9A6-701DA08F8CDF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "945DDBE7-6233-416B-9BEE-7029F047E298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED89428-750C-4C26-B2A1-E3D63F8B3F44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4D8A4CB-5B80-4332-BCBC-DA18AD94D215",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78149144-CCF5-4C71-B22D-45261C4ACABC",
"versionEndExcluding": "10.1.1.0",
"versionStartIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B4ABE1-4F2F-478A-AA0E-8F293105FEBE",
"versionEndExcluding": "16.12.4a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF93F1C8-669F-4ECB-8D81-ECDA7B550175",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0BC769-C244-41BD-BE80-E67F4E1CDDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:aironet_access_point_software:8.10\\(1.255\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D40D1D98-F662-4C7D-AEC8-C106209D7848",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24E47788-9B54-42C5-AD83-428B22674575",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A333CD0B-4729-4E64-8B52-A3F5138F5B70",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el manejo de paquetes Ethernet de Cisco Aironet Access Points (APs) Software, podr\u00eda permitir a un atacante adyacente no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado.\u0026#xa0;La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de la entrada.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante la conexi\u00f3n como un cliente cableado a la interfaz Ethernet de un dispositivo afectado y mediante el env\u00edo de una serie de paquetes espec\u00edficos en un corto per\u00edodo de tiempo.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar un acceso al puntero NULL que resulte en una recarga del dispositivo afectado."
}
],
"id": "CVE-2020-3552",
"lastModified": "2024-11-21T05:31:18.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-24T18:15:21.900",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-13 15:55
Modified
2024-11-21 01:59
Severity ?
Summary
The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011."
},
{
"lang": "es",
"value": "El web framework de dispositivos Cisco Wireless LAN Controller (WLC) no valida adecuadamente la configuraci\u00f3n de par\u00e1metros, lo que permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio a trav\u00e9s de peticiones HTTP manipuladas, tambi\u00e9n conocido como Bug ID CSCuh81011."
}
],
"id": "CVE-2013-6684",
"lastModified": "2024-11-21T01:59:32.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-13T15:55:04.517",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6684"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-08 16:55
Modified
2024-11-21 02:07
Severity ?
Summary
Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321."
},
{
"lang": "es",
"value": "Dispositivos Cisco Wireless LAN Controller (WLC) permiten a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo y reinicio de dispositivo) a trav\u00e9s de un valor cero en datos de paquetes de Cisco Discovery Protocol que no se manejan debidamente durante encuestas SNMP, tambi\u00e9n conocido como Bug ID CSCuo12321."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\n\n\"CWE-476: NULL Pointer Dereference\"",
"id": "CVE-2014-3291",
"lastModified": "2024-11-21T02:07:48.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-08T16:55:02.877",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/57895"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3291"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34558"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/67926"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/57895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/67926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030410"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-06 18:59
Modified
2024-11-21 03:26
Severity ?
Summary
A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the GUI web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. Cisco Bug IDs: CSCvb48198.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/97421 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1038184 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97421 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038184 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller_firmware | 8.3.102.0 | |
| cisco | wireless_lan_controller | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_firmware:8.3.102.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86BDEF67-9AE2-4364-B088-CB22B47CC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6C4735-49D1-46CB-AED8-4DDFC5014FB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the GUI web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. Cisco Bug IDs: CSCvb48198."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web del software Cisco Wireless LAN Controller (WLC) podr\u00eda permitir a un atacante remoto no autenticado provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a que falta un controlador interno para la solicitud espec\u00edfica. Un atacante podr\u00eda explotar esta vulnerabilidad accediendo a una URL oculta espec\u00edfica en la interfaz de administraci\u00f3n web de la GUI. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante provocar una recarga del dispositivo, resultando en una condici\u00f3n DoS. Esta vulnerabilidad s\u00f3lo afecta a la versi\u00f3n de Cisco Wireless LAN Controller 8.3.102.0. Cisco Bug IDs: CSCvb48198."
}
],
"id": "CVE-2017-3832",
"lastModified": "2024-11-21T03:26:12.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-06T18:59:00.293",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97421"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038184"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-17 22:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/105667 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1041924 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105667 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041924 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller_software | 8.7\(1.115\) | |
| cisco | wireless_lan_controller | * | |
| cisco | wireless_lan_controller_software | * | |
| cisco | wireless_lan_controller_software | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.7\\(1.115\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F83BCA36-D078-4AF4-AF35-89290AA865BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "469E3B80-E912-40DC-876D-11A8C1DA47E7",
"versionEndExcluding": "8.5.131.0",
"versionStartIncluding": "8.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAEEA721-9E03-4223-B126-949FFC72E1A8",
"versionEndExcluding": "8.2.170.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF089F85-0F8D-4CC5-A4AC-55A2A66A0CD6",
"versionEndExcluding": "8.7.102.0",
"versionStartIncluding": "8.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la autenticaci\u00f3n TACACS con Cisco Wireless LAN Controller (WLC) Software podr\u00eda permitir que un atacante local autenticado realice ciertas operaciones en la interfaz de usuario que no deber\u00edan estar disponibles a ese usuario de la interfaz de l\u00ednea de comandos. La vulnerabilidad se debe al an\u00e1lisis incorrecto de un atributo TACACS espec\u00edfico recibido en la respuesta TACACS desde el servidor TACACS remoto. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose mediante TACACS en la interfaz de usuario de un dispositivo afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que un atacante cree cuentas de usuario local con privilegios administrativos en un WLC afectado y ejecute otros comandos que no se permiten desde la interfaz de l\u00ednea de comandos y deber\u00edan estar prohibidos."
}
],
"id": "CVE-2018-0417",
"lastModified": "2024-11-21T03:38:11.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-17T22:29:00.363",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105667"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041924"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-02 16:29
Modified
2024-11-21 03:09
Severity ?
Summary
A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of ANQP query frames by the affected device. An attacker could exploit this vulnerability by sending a malformed ANQP query frame to an affected device that is on an RF-adjacent network. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. This vulnerability affects Cisco Wireless LAN Controllers that are running a vulnerable release of Cisco WLC Software and are configured to support Hotspot 2.0. Cisco Bug IDs: CSCve05779.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/101650 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1039724 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc4 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101650 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039724 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc4 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller_software | - | |
| cisco | wireless_lan_controller | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80814232-C66F-434C-B441-99133FFBD415",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6C4735-49D1-46CB-AED8-4DDFC5014FB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of ANQP query frames by the affected device. An attacker could exploit this vulnerability by sending a malformed ANQP query frame to an affected device that is on an RF-adjacent network. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. This vulnerability affects Cisco Wireless LAN Controllers that are running a vulnerable release of Cisco WLC Software and are configured to support Hotspot 2.0. Cisco Bug IDs: CSCve05779."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funcionalidad de procesamiento de tramas entrantes de Access Network Query Protocol (ANQP) de Cisco Wireless LAN Controllers podr\u00eda permitir que un atacante no autenticado adyacente a la frecuencia de radio de Capa 2 provoque que el dispositivo afectado se reinicie de manera inesperada, provocando una denegaci\u00f3n de servicio (DoS) en consecuencia. Esta vulnerabilidad se debe a la validaci\u00f3n incompleta de los valores de entrada de las tramas de consulta ANQP por parte del dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una trama de consulta ANQP mal formada al dispositivo afectado. que est\u00e9 en la red adyacente a la frecuencia de radio. Si se explota con \u00e9xito, podr\u00eda permitir que el atacante consiga que el dispositivo afectado se reinicie de manera inesperada, provocando una denegaci\u00f3n de servicio. La vulnerabilidad afecta a Cisco Wireless LAN Controllers que ejecuten una distribuci\u00f3n vulnerable de Cisco WLC Software y que est\u00e9n configurados para ser compatibles con Hotspot 2.0. Cisco Bug IDs: CSCve05779."
}
],
"id": "CVE-2017-12282",
"lastModified": "2024-11-21T03:09:13.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-02T16:29:00.647",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101650"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039724"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc4"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-19 00:59
Modified
2024-11-21 02:23
Severity ?
Summary
The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the Signature Events Summary page, aka Bug ID CSCus46861.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the Signature Events Summary page, aka Bug ID CSCus46861."
},
{
"lang": "es",
"value": "La funcionalidad Wireless Intrusion Detection (tambi\u00e9n conocida como WIDS) en los dispositivos Cisco Wireless LAN Controller (WLC) permite a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n de dispositivo) a trav\u00e9s de paquetes manipulados que se manejan incorrectamente durante la renderizaci\u00f3n de la p\u00e1gina del resumen de los eventos de firmas (Signature Events Summary), tambi\u00e9n conocido como Bug ID CSCus46861."
}
],
"id": "CVE-2015-0622",
"lastModified": "2024-11-21T02:23:25.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-19T00:59:00.070",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0622"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-02 00:59
Modified
2024-11-21 02:56
Severity ?
Summary
The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet, aka Bug ID CSCuz40263.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:3.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0A0F12-B56E-40E2-9B0F-3E0B8D881D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:3.1.59.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3534E61A-C158-433A-90FE-59E4A42EF32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:3.1.105.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB4E162-13BA-4516-8AFD-55FADCEF0782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:3.1.111.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A753D16D-353A-4F5E-8ECF-601C95348ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:3.2.78.0:*:*:*:*:*:*:*",
"matchCriteriaId": "110F5DFF-A9E0-413B-955D-30665BEAB927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:3.2.116.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1EA287-F44B-4BDE-A158-E1309667ED17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:3.2.150.6:*:*:*:*:*:*:*",
"matchCriteriaId": "881D0464-B1CC-45C4-8190-A6F673BE163D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:3.2.150.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DB5C7A08-B6F1-42C5-A9AA-85AD72435565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:3.2.171.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BFCC4233-D996-47EC-95E3-44FC57A9D1EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:3.2.171.6:*:*:*:*:*:*:*",
"matchCriteriaId": "123A2479-7B8D-49F2-96B2-02D4FACC7C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:3.2.185.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB1A868-6A21-4960-9333-526DDA1DC9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:3.2.193.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DC702CB9-636D-4E8F-AFE1-3C5F4117804A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:3.2.195.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C02A7416-71BF-4D9B-9864-2C2A6DC2E7B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:3.6.0e:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF5116E-5836-4A18-A88D-9319CF77D27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.0.108:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3152F9-98E9-4832-B9E5-9D4ADBC90C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.0.155.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1545A5BB-2591-4908-87E5-90F5598F02E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.0.155.5:*:*:*:*:*:*:*",
"matchCriteriaId": "68ED4705-3249-476C-8DA8-B64D1BC76045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.0.179.8:*:*:*:*:*:*:*",
"matchCriteriaId": "34773C93-534F-4D9F-A4B3-DDC4DBDFFF03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.0.179.11:*:*:*:*:*:*:*",
"matchCriteriaId": "DF9B72F9-CFE2-404B-BACB-3A044D18E4C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.0.196:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF42FC4-A4C0-455B-AFA4-B3A643B0FB46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.0.206.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D69C71-CB3D-4BE6-AFF5-B54979A56023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.0.217.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8AE1B28-FAC3-4BD8-BE46-B898C0D09F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.0.219.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7FEBFADB-421B-4C9C-96CC-C0504A64D837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.1.171.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A087365-E3F3-472C-B2B0-0834C3DE91E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.1.181.0:*:*:*:*:*:*:*",
"matchCriteriaId": "098D285E-819C-4AAB-B608-5A59BDC3F04A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.1.185.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56414527-AC9C-4D54-9340-10753574418D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "8CF0A001-1250-4242-AB0E-67BF4BED503B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.2.61.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30328F81-F682-4193-AC10-32B85CCB5EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.2.99.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC05DA06-1D47-4165-95B0-FF5ECB5BC683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.2.112.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B65DE2D5-E5AF-4661-B433-A844296F2016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.2.117.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07F0E902-9A98-4D24-99DB-2C448AC1FEED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.2.130.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDEA437E-1787-4D2A-B59A-442F84AA2F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.2.173.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46495838-CD45-479A-A8A6-33C50955E1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.2.174.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC216EBE-9059-43FD-8C5E-D1DE702D2132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.2.176.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14ED3DE7-25B0-43E1-97EE-95F60F51ABFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.2.182.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5528AEAB-88D8-4C19-91E5-4E5E51438307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:4.2_base:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B7F42E-80D7-4324-A617-EEEA1C94D874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:5.0.148.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5047BC1D-F6C1-4C53-839C-F4E6C463FC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:5.0.148.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6704FB3A-CD36-4720-A342-481376F5E837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:5.1.151.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87154527-1843-4F47-BBCE-C03C057D13B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:5.1.152.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25D30DB3-D173-4AF7-B668-0B8502CA9C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:5.1.160.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94E2EFBD-7C05-4CB4-9FAD-6ABC54614D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:5.2.157.0:*:*:*:*:*:*:*",
"matchCriteriaId": "906F9233-7DEF-4742-9AF3-50B6C231A9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:5.2.169.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE9F19D-1701-40BC-A374-111B5F38BE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:6.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD7A5C2-6354-449D-B715-2E9FFDD2E6FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "3A1B0325-D287-4286-B7E9-DB148881D9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "D547FB25-6486-4A77-99E6-C8F8EA9D5407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.2_base:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE090AB-88B8-4A42-9CED-FF54B2C812E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.3.101.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1538A4DA-6D77-4289-B47C-9BE2C7BDC036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.3.103.8:*:*:*:*:*:*:*",
"matchCriteriaId": "04FDC2A1-F522-440B-9C5E-18729C0C34E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.3.112:*:*:*:*:*:*:*",
"matchCriteriaId": "DE292FF9-9674-4251-9EF3-AD4A4F9CCC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.3_base:*:*:*:*:*:*:*",
"matchCriteriaId": "B0782064-881F-4ADB-880A-E005AFFE5ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E6716-BBDC-43FB-8016-10281E360049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E98435C2-EAD9-45BE-AE9A-CD1499F4239F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.100.60:*:*:*:*:*:*:*",
"matchCriteriaId": "75473B22-A59F-471A-9DB8-8FA9FD504DC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12FD9D8F-2E52-4CA9-94BD-65F8B1FF26C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.121.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05AEADF2-9986-432A-8416-1D138C8C94D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4_base:*:*:*:*:*:*:*",
"matchCriteriaId": "246EDF05-FF4B-47FB-9A72-6417F239F0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.5.102.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FE2157-DE6C-4002-A209-091457BFA7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.5.102.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CB2EE4-565E-4EC0-978C-80738C5F8307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.5_base:*:*:*:*:*:*:*",
"matchCriteriaId": "ED69F11C-153E-442B-8F7C-57961A25AAEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.1.62:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D30E7A-4B2C-4A1E-B52C-C209757829F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.100.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB33D00D-7DCB-4150-9907-1365066F3767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9051AFDE-A519-4701-9AD5-CBA7AEE46B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.120.0:*:*:*:*:*:*:*",
"matchCriteriaId": "354D3747-A6AB-41AA-8DD4-C17C0461EF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.130.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE75C02-0E3E-4BA3-8E86-2FEA9EEB7E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EA1478-B988-4DD7-A937-FB91FB0DEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.0.30220.385:*:*:*:*:*:*:*",
"matchCriteriaId": "B467125C-5491-4066-A35A-891B78AD0A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.72.140:*:*:*:*:*:*:*",
"matchCriteriaId": "13FACACE-CF96-474D-BA3E-F289BD96CF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.100:*:*:*:*:*:*:*",
"matchCriteriaId": "0E439FF8-91DE-43E9-BE65-59BCEC52F3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.115.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B798E5A-E108-4465-BD2B-A2F4ADFDB363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.120.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97971195-3E04-4AC1-95BC-479CE2CAB389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.121.0:*:*:*:*:*:*:*",
"matchCriteriaId": "031A8A69-4E46-4EE5-B0A8-0A74E7C66A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B00858F6-C0AD-4822-9990-E0126AB43EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.104.37:*:*:*:*:*:*:*",
"matchCriteriaId": "B6528ED0-853F-4475-AAD7-7F9B5E0DFE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.111.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B83E372-CFD8-4DDD-80F7-E3128D0C5E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.122.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D5A815-BA48-43A5-8CD4-2E580B2CB0D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.130.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6129F0-5195-41AC-AFF3-50518B1ADB9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:182.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55746AD1-5C44-4144-BBE3-53F4D654E57A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:188.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A74E0159-DA37-4AC2-8AA3-D6FA83F0DFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:196.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B297FCF3-6FC4-4C0E-89A9-A760FF9A58CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:199.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F40022CC-A0AB-47EA-B089-9A3E66E49727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:202.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3D92BC-3052-4B3E-8152-ACFC8B507D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:98.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AEC6779-072A-43F2-AD75-9056D783B99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:98.218:*:*:*:*:*:*:*",
"matchCriteriaId": "88D96498-EF62-4B8E-AB8A-E326A306D473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:116.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BA2A940-A36F-4903-9A9D-DB0269D01C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:220.0:*:*:*:*:*:*:*",
"matchCriteriaId": "171F7669-64D7-4E1E-9766-86B5A1085B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:240.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCCD4C58-E8A6-470C-8324-CAD6F149C87F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:250.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97458DAB-1E88-4552-92D0-2C14B074E8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:252.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2040D-5969-48D8-89FE-53C30B1483A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.1:91.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6075E464-5D78-492A-B85F-1C053E9B8CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.2:103.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38F12EF1-A79E-446F-8A31-E188FF1C6B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.4:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "225D1199-74C7-4AAB-A434-F03DE0D57539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.4:1.54:*:*:*:*:*:*:*",
"matchCriteriaId": "25A6025A-6BE3-4BCF-A884-2EE630752459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.4:140.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B13ACDA7-F6C8-42E9-8748-14730F4D06D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet, aka Bug ID CSCuz40263."
},
{
"lang": "es",
"value": "La funcionalidad Adaptive Wireless Intrusion Prevention System (wIPS) en dispositivos Cisco Wireless LAN Controller (WLC) en versiones anteriores a 8.0.140.0, 8.1.x y 8.2.x en versiones anteriores a 8.2.121.0 y 8.3.x en versiones anteriores a 8.3.102.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio del dispositivo) a trav\u00e9s de un paquete wIPS mal formado, tambi\u00e9n conocido como Bug ID CSCuz40263."
}
],
"id": "CVE-2016-6376",
"lastModified": "2024-11-21T02:56:00.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-02T00:59:04.420",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-2"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/92716"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1036720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036720"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-29 15:59
Modified
2024-11-21 02:23
Severity ?
Summary
Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=39041 | Vendor Advisory | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1032419 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=39041 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032419 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | 7.4\(1.1\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4\\(1.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8CBC37A0-F81C-42C5-B29F-ABE3CEDFABD5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104."
},
{
"lang": "es",
"value": "los dispositivos Cisco Wireless LAN Controller (WLC) con software 7.4(1.1) permiten a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n de servicios de red inal\u00e1mbricos) a trav\u00e9s de trafico YCP manipulado en la red local, tambi\u00e9n conocido como Bug ID CSCug67104."
}
],
"id": "CVE-2015-0756",
"lastModified": "2024-11-21T02:23:39.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-29T15:59:10.203",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39041"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032419"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-18 01:29
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/108008 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108008 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | * | |
| cisco | wireless_lan_controller_software | * | |
| cisco | wireless_lan_controller_software | * | |
| cisco | wireless_lan_controller_software | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A28D5120-C4D9-444D-A835-53D70D76306E",
"versionEndExcluding": "8.2.170.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37475222-98BC-46CA-B320-97A3E99AAF3B",
"versionEndExcluding": "8.3.150.0",
"versionStartIncluding": "8.3.143.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF32CF8-486B-4DAE-8551-04E02EA3E0A9",
"versionEndExcluding": "8.5.131.0",
"versionStartIncluding": "8.5.103.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78E15024-C09F-46C4-8A90-0E84B3E61CFA",
"versionEndExcluding": "8.8.100.0",
"versionStartIncluding": "8.6.101.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el manejo de mensajes de Protocolo Inter-Access Point (IAPP) para el software Wireless LAN Controller (WLC) de Cisco, podr\u00eda permitir que un atacante no identificado, adyacente causa una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad existe porque el software comprueba incorrectamente la entrada en los campos dentro de los mensajes IAPP. Un atacante podr\u00eda aprovechar la vulnerabilidad enviando mensajes IAPP maliciosos a un dispositivo afectado. Una operaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante hiciera que el software WLC de Cisco se recargue, resultando en una condici\u00f3n DoS. Las versiones de software anteriores a 8.2.170.0, 8.5.150.0 y 8.8.100.0 se ven afectadas."
}
],
"id": "CVE-2019-1799",
"lastModified": "2024-11-21T04:37:24.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-18T01:29:02.640",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108008"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-22 19:55
Modified
2024-11-21 01:59
Severity ?
Summary
The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880."
},
{
"lang": "es",
"value": "La implementaci\u00f3n del protocolo Control and Provisioning of Wireless Access Points (CAPWAP) en dispositivos Cisco Wireless LAN Controller (WLC) permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de un paquete CAPWAP que desencadena una sobre-lectura del b\u00fafer, tambi\u00e9n conocido como Bug ID CSCuh81880."
}
],
"id": "CVE-2013-6699",
"lastModified": "2024-11-21T01:59:34.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-22T19:55:09.920",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6699"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-06 11:55
Modified
2024-11-21 02:02
Severity ?
Summary
The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device restart) via a crafted field in an IGMPv3 message, aka Bug ID CSCuh33240.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44884968-081D-4F6B-A325-74D5466052A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.108:*:*:*:*:*:*:*",
"matchCriteriaId": "E23E6B23-2DFC-4959-B69D-35B12A3674C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.155.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9E44A7-9C79-4937-B929-D7CD48969D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.155.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D91822EB-04F3-4590-9E74-C173D332FF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.179.8:*:*:*:*:*:*:*",
"matchCriteriaId": "328B192D-6070-46C9-9B5E-E2D19197516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.179.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEB928B-97EC-490F-A313-B565FB67C8D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.196:*:*:*:*:*:*:*",
"matchCriteriaId": "27C3E9DF-439E-4319-BFA3-14D756069FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.206.0:*:*:*:*:*:*:*",
"matchCriteriaId": "546C8A02-3C19-4AE8-98D6-D24342306764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.217.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D882A253-143C-4561-B0CA-209D48A995F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.0.219.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA48A99-0ED5-4FEB-8906-B68D4C5C702E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3A8DBB-9E82-4428-9034-391F662DFA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1.171.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81CC513E-95EA-4FA0-AD70-25C51155AD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1.181.0:*:*:*:*:*:*:*",
"matchCriteriaId": "272C20B5-3EA4-4AFD-ACD6-15A8ABA73C83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1.185.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11F235E4-673A-4EC4-98F6-423C68919AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1m:*:*:*:*:*:*:*",
"matchCriteriaId": "7701D5E7-9264-4A34-9467-9AB3CA5E4A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1E1F40-ECB6-42FB-838E-998B1893D5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.61.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A15A3CA-69E7-451D-AB84-43A6BBF17A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.99.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62424F6A-2D82-45C0-A7D3-540649DA5F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.112.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A17769C-A301-4BC9-A2B1-E442F78030C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.117.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2290101-AEFA-4C4F-B8CE-620BDE6EA3F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.130.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0947448E-D8C5-423D-BDF3-36BD29A83ABE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.173.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57C6B8CB-9277-463B-84EB-AEF36EE40E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.174.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DDBD9C2D-514C-44D3-ADCD-D6F80E50BEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.176.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A97D98B-6B3C-4AD1-8096-202E44F63B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.182.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C29D759-F433-42FB-ADA5-8FEA71085CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2m:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3F13F4-0E96-490D-9DA0-8B22595E9BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA75092-5306-45F5-AEB5-67A2224FFDCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.0.148.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAACE0C-DD44-4E81-ABEF-7896647CE8C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.0.148.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5140A4F1-713E-4478-B807-83D826DAA374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68625A20-073A-4AC9-8C46-BCE07B185D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.151.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2143731F-749D-45ED-B2FE-A3893C5B1F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.152.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C860DDD-33C6-4CC9-B8D2-4E3C9884C445",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.160.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2230FF3-EE71-408A-B558-74AAD024F661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1511CA9-B471-49D6-9BEE-1BADE6EC61E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.2.157.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D513E4D8-B0A4-4C71-AD42-8EF9FE3E63B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.2.169.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60A2DB28-C42F-4E64-B0A2-63D83603D656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "593615BB-EDEC-4267-9D6A-B67E89BB0BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0.182.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F555475A-7ED8-45DD-93C5-BC3BFA07851B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0.188.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA820A1-1E44-43E5-B80A-446608697558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0.196.0:*:*:*:*:*:*:*",
"matchCriteriaId": "983D3154-58C0-4994-AFD3-FCCCE607E66C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0.199.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18E87542-257E-4C75-87DB-CD56416F7524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0.199.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B6862C9D-2683-4BDC-B78E-537785F291C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B84AFFD-117A-4E7C-8F2C-01DF5DE4EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.98.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1855D021-7914-4862-B613-97F6664AE33F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.220.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C89ACF8-7D47-48A9-A6B5-C2250D52D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.235.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80F455BF-C909-4FF9-8F0B-A47AE790A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D96188C-F969-46A4-9600-D64FB8123031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.1.91.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4159EF-C069-4738-9494-EB19CC51F148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41B7499D-75A9-46A9-9129-BCD18533B21F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.103.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EECAA5-5D9F-4696-8DFB-6F1C3D5E7984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4F9E21-A0AB-4E18-B3E6-13DE2206974C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CCF4BD-4C5D-41BB-932C-52B428270B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3.101.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7233C6A0-9674-4C6D-ACC0-CC654CF117C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device restart) via a crafted field in an IGMPv3 message, aka Bug ID CSCuh33240."
},
{
"lang": "es",
"value": "La implementaci\u00f3n IGMP en los dispositivos de Cisco Wireless LAN Controller (WLC) 4.x, 5.x, 6.x, 7.0 anterior a 7.0.250.0, 7.1, 7.2 y 7.3, cuando IGMPv3 Snooping est\u00e1 habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (sobrelectura de memoria y reinicio de dispositivo) a trav\u00e9s de un campo manipulado en un mensaje IGMPv3, tambi\u00e9n conocido como Bug ID CSCuh33240."
}
],
"id": "CVE-2014-0704",
"lastModified": "2024-11-21T02:02:40.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-06T11:55:05.367",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2013-5519
Vulnerability from cvelistv5
Published
2013-10-03 10:00
Modified
2024-08-06 17:15
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=31112 | x_refsource_CONFIRM | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5519 | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/62787 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/98083 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/55171 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:20.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31112"
},
{
"name": "20131002 Cisco WLC Web-Based Management Interface Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5519"
},
{
"name": "62787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62787"
},
{
"name": "98083",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/98083"
},
{
"name": "55171",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-11T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31112"
},
{
"name": "20131002 Cisco WLC Web-Based Management Interface Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5519"
},
{
"name": "62787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62787"
},
{
"name": "98083",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/98083"
},
{
"name": "55171",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-5519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31112",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31112"
},
{
"name": "20131002 Cisco WLC Web-Based Management Interface Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5519"
},
{
"name": "62787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62787"
},
{
"name": "98083",
"refsource": "OSVDB",
"url": "http://osvdb.org/98083"
},
{
"name": "55171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-5519",
"datePublished": "2013-10-03T10:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:15:20.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0703
Vulnerability from cvelistv5
Published
2014-03-06 11:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:18.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T09:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-0703",
"datePublished": "2014-03-06T11:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:27:18.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1796
Vulnerability from cvelistv5
Published
2019-04-18 00:45
Modified
2024-11-21 19:38
Severity ?
EPSS score ?
Summary
A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/108008 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Wireless LAN Controller (WLC) |
Version: unspecified < 8.2.170.0 Version: unspecified < 8.3.150.0 Version: unspecified < 8.8.100.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190417 Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
},
{
"name": "108008",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108008"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T18:59:23.012838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:38:19.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Wireless LAN Controller (WLC)",
"vendor": "Cisco",
"versions": [
{
"lessThan": "8.2.170.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.3.150.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.8.100.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-19T13:06:06",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190417 Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
},
{
"name": "108008",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108008"
}
],
"source": {
"advisory": "cisco-sa-20190417-wlc-iapp",
"defect": [
[
"CSCvh91032",
"CSCvh96364",
"CSCvi89027"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-04-17T16:00:00-0700",
"ID": "CVE-2019-1796",
"STATE": "PUBLIC",
"TITLE": "Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Wireless LAN Controller (WLC)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.170.0"
},
{
"version_affected": "\u003c",
"version_value": "8.3.150.0"
},
{
"version_affected": "\u003c",
"version_value": "8.8.100.0"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190417 Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
},
{
"name": "108008",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108008"
}
]
},
"source": {
"advisory": "cisco-sa-20190417-wlc-iapp",
"defect": [
[
"CSCvh91032",
"CSCvh96364",
"CSCvi89027"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1796",
"datePublished": "2019-04-18T00:45:22.058988Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-11-21T19:38:19.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0705
Vulnerability from cvelistv5
Published
2014-03-06 11:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug ID CSCuh74233.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug ID CSCuh74233."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T09:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug ID CSCuh74233."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-0705",
"datePublished": "2014-03-06T11:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:27:19.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0707
Vulnerability from cvelistv5
Published
2014-03-06 11:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T09:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-0707",
"datePublished": "2014-03-06T11:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:27:19.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1235
Vulnerability from cvelistv5
Published
2013-05-04 01:00
Modified
2024-09-17 02:58
Severity ?
EPSS score ?
Summary
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1235 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:57:04.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130503 Cisco Wireless Lan Controller Telnet Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-04T01:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130503 Cisco Wireless Lan Controller Telnet Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130503 Cisco Wireless Lan Controller Telnet Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1235",
"datePublished": "2013-05-04T01:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-17T02:58:04.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9219
Vulnerability from cvelistv5
Published
2017-04-06 18:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. This vulnerability affects Cisco Wireless LAN Controller (WLC) running software version 8.2.121.0 or 8.3.102.0. Cisco Bug IDs: CSCva98592.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/97423 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038183 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco Wireless LAN Controller |
Version: Cisco Wireless LAN Controller |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:11.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2"
},
{
"name": "97423",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97423"
},
{
"name": "1038183",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038183"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Wireless LAN Controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Wireless LAN Controller"
}
]
}
],
"datePublic": "2017-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. This vulnerability affects Cisco Wireless LAN Controller (WLC) running software version 8.2.121.0 or 8.3.102.0. Cisco Bug IDs: CSCva98592."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2"
},
{
"name": "97423",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97423"
},
{
"name": "1038183",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038183"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-9219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Wireless LAN Controller",
"version": {
"version_data": [
{
"version_value": "Cisco Wireless LAN Controller"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. This vulnerability affects Cisco Wireless LAN Controller (WLC) running software version 8.2.121.0 or 8.3.102.0. Cisco Bug IDs: CSCva98592."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2"
},
{
"name": "97423",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97423"
},
{
"name": "1038183",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038183"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-9219",
"datePublished": "2017-04-06T18:00:00",
"dateReserved": "2016-11-06T00:00:00",
"dateUpdated": "2024-08-06T02:42:11.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0417
Vulnerability from cvelistv5
Published
2018-10-17 22:00
Modified
2024-11-26 14:24
Severity ?
EPSS score ?
Summary
A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041924 | vdb-entry, x_refsource_SECTRACK | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/105667 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Wireless LAN Controller (WLC) |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:21:15.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041924",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041924"
},
{
"name": "20181017 Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc"
},
{
"name": "105667",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105667"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-0417",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T18:50:36.943761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:24:38.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Wireless LAN Controller (WLC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1041924",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041924"
},
{
"name": "20181017 Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc"
},
{
"name": "105667",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105667"
}
],
"source": {
"advisory": "cisco-sa-20181017-wlc-gui-privesc",
"defect": [
[
"CSCvh65876"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-10-17T16:00:00-0500",
"ID": "CVE-2018-0417",
"STATE": "PUBLIC",
"TITLE": "Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Wireless LAN Controller (WLC)",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041924",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041924"
},
{
"name": "20181017 Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc"
},
{
"name": "105667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105667"
}
]
},
"source": {
"advisory": "cisco-sa-20181017-wlc-gui-privesc",
"defect": [
[
"CSCvh65876"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-0417",
"datePublished": "2018-10-17T22:00:00Z",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-11-26T14:24:38.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12275
Vulnerability from cvelistv5
Published
2017-11-02 16:00
Modified
2024-08-05 18:36
Severity ?
EPSS score ?
Summary
A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11v BSS Transition Management Response packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb57803.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101657 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039713 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco Wireless LAN Controller |
Version: Cisco Wireless LAN Controller |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:55.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2"
},
{
"name": "101657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101657"
},
{
"name": "1039713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Wireless LAN Controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Wireless LAN Controller"
}
]
}
],
"datePublic": "2017-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11v BSS Transition Management Response packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb57803."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2"
},
{
"name": "101657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101657"
},
{
"name": "1039713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Wireless LAN Controller",
"version": {
"version_data": [
{
"version_value": "Cisco Wireless LAN Controller"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11v BSS Transition Management Response packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb57803."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2"
},
{
"name": "101657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101657"
},
{
"name": "1039713",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-12275",
"datePublished": "2017-11-02T16:00:00",
"dateReserved": "2017-08-03T00:00:00",
"dateUpdated": "2024-08-05T18:36:55.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3552
Vulnerability from cvelistv5
Published
2020-09-24 17:51
Modified
2024-11-13 18:01
Severity ?
EPSS score ?
Summary
A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Aironet Access Point Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:37:54.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200924 Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:23:40.472481Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:01:45.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Aironet Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-24T17:51:08",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200924 Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY"
}
],
"source": {
"advisory": "cisco-sa-ap-ethport-dos-xtjTt8pY",
"defect": [
[
"CSCvq94716"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-09-24T16:00:00",
"ID": "CVE-2020-3552",
"STATE": "PUBLIC",
"TITLE": "Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Aironet Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200924 Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY"
}
]
},
"source": {
"advisory": "cisco-sa-ap-ethport-dos-xtjTt8pY",
"defect": [
[
"CSCvq94716"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3552",
"datePublished": "2020-09-24T17:51:08.669654Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-13T18:01:45.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6698
Vulnerability from cvelistv5
Published
2013-11-22 17:00
Modified
2024-08-06 17:46
Severity ?
EPSS score ?
Summary
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6698 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131121 Cisco Wireless LAN Controller Cross-Frame Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCuf77821."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20131121 Cisco Wireless LAN Controller Cross-Frame Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCuf77821."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131121 Cisco Wireless LAN Controller Cross-Frame Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6698",
"datePublished": "2013-11-22T17:00:00",
"dateReserved": "2013-11-07T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1800
Vulnerability from cvelistv5
Published
2019-04-18 01:00
Modified
2024-11-21 19:38
Severity ?
EPSS score ?
Summary
A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/108008 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Wireless LAN Controller (WLC) |
Version: unspecified < 8.2.170.0 Version: unspecified < 8.3.150.0 Version: unspecified < 8.8.100.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190417 Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
},
{
"name": "108008",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108008"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T18:59:21.621968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:38:08.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Wireless LAN Controller (WLC)",
"vendor": "Cisco",
"versions": [
{
"lessThan": "8.2.170.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.3.150.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.8.100.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-19T13:06:06",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190417 Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
},
{
"name": "108008",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108008"
}
],
"source": {
"advisory": "cisco-sa-20190417-wlc-iapp",
"defect": [
[
"CSCvh91032",
"CSCvh96364",
"CSCvi89027"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-04-17T16:00:00-0700",
"ID": "CVE-2019-1800",
"STATE": "PUBLIC",
"TITLE": "Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Wireless LAN Controller (WLC)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.170.0"
},
{
"version_affected": "\u003c",
"version_value": "8.3.150.0"
},
{
"version_affected": "\u003c",
"version_value": "8.8.100.0"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190417 Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
},
{
"name": "108008",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108008"
}
]
},
"source": {
"advisory": "cisco-sa-20190417-wlc-iapp",
"defect": [
[
"CSCvh91032",
"CSCvh96364",
"CSCvi89027"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1800",
"datePublished": "2019-04-18T01:00:15.745196Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-11-21T19:38:08.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12280
Vulnerability from cvelistv5
Published
2017-11-02 16:00
Modified
2024-08-05 18:36
Severity ?
EPSS score ?
Summary
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of fields in CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending crafted CAPWAP Discovery Request packets to an affected device. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb95842.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039723 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/101646 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc3 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco Wireless LAN Controller |
Version: Cisco Wireless LAN Controller |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:54.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039723",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039723"
},
{
"name": "101646",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101646"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Wireless LAN Controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Wireless LAN Controller"
}
]
}
],
"datePublic": "2017-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of fields in CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending crafted CAPWAP Discovery Request packets to an affected device. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb95842."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1039723",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039723"
},
{
"name": "101646",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101646"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Wireless LAN Controller",
"version": {
"version_data": [
{
"version_value": "Cisco Wireless LAN Controller"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of fields in CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending crafted CAPWAP Discovery Request packets to an affected device. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb95842."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039723",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039723"
},
{
"name": "101646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101646"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc3",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-12280",
"datePublished": "2017-11-02T16:00:00",
"dateReserved": "2017-08-03T00:00:00",
"dateUpdated": "2024-08-05T18:36:54.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3474
Vulnerability from cvelistv5
Published
2013-08-30 20:00
Modified
2024-08-06 16:07
Severity ?
EPSS score ?
Summary
The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86811 | vdb-entry, x_refsource_XF | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3474 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1028970 | vdb-entry, x_refsource_SECTRACK | |
| http://osvdb.org/96763 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/62084 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:38.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-wlc-cve20133474-dos(86811)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86811"
},
{
"name": "20130830 Cisco Wireless LAN Controller Multiple Parameter Handling Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3474"
},
{
"name": "1028970",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028970"
},
{
"name": "96763",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96763"
},
{
"name": "62084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-wlc-cve20133474-dos(86811)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86811"
},
{
"name": "20130830 Cisco Wireless LAN Controller Multiple Parameter Handling Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3474"
},
{
"name": "1028970",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028970"
},
{
"name": "96763",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96763"
},
{
"name": "62084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-wlc-cve20133474-dos(86811)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86811"
},
{
"name": "20130830 Cisco Wireless LAN Controller Multiple Parameter Handling Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3474"
},
{
"name": "1028970",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028970"
},
{
"name": "96763",
"refsource": "OSVDB",
"url": "http://osvdb.org/96763"
},
{
"name": "62084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-3474",
"datePublished": "2013-08-30T20:00:00",
"dateReserved": "2013-05-06T00:00:00",
"dateUpdated": "2024-08-06T16:07:38.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1799
Vulnerability from cvelistv5
Published
2019-04-18 00:45
Modified
2024-11-21 19:38
Severity ?
EPSS score ?
Summary
A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/108008 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Wireless LAN Controller (WLC) |
Version: unspecified < 8.2.170.0 Version: unspecified < 8.3.150.0 Version: unspecified < 8.8.100.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190417 Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
},
{
"name": "108008",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108008"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T18:59:24.557200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:38:29.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Wireless LAN Controller (WLC)",
"vendor": "Cisco",
"versions": [
{
"lessThan": "8.2.170.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.3.150.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.8.100.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-19T13:06:06",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190417 Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
},
{
"name": "108008",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108008"
}
],
"source": {
"advisory": "cisco-sa-20190417-wlc-iapp",
"defect": [
[
"CSCvh91032",
"CSCvh96364",
"CSCvi89027"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-04-17T16:00:00-0700",
"ID": "CVE-2019-1799",
"STATE": "PUBLIC",
"TITLE": "Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Wireless LAN Controller (WLC)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.170.0"
},
{
"version_affected": "\u003c",
"version_value": "8.3.150.0"
},
{
"version_affected": "\u003c",
"version_value": "8.8.100.0"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190417 Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
},
{
"name": "108008",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108008"
}
]
},
"source": {
"advisory": "cisco-sa-20190417-wlc-iapp",
"defect": [
[
"CSCvh91032",
"CSCvh96364",
"CSCvi89027"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1799",
"datePublished": "2019-04-18T00:45:16.293711Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-11-21T19:38:29.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0704
Vulnerability from cvelistv5
Published
2014-03-06 11:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device restart) via a crafted field in an IGMPv3 message, aka Bug ID CSCuh33240.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device restart) via a crafted field in an IGMPv3 message, aka Bug ID CSCuh33240."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T09:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device restart) via a crafted field in an IGMPv3 message, aka Bug ID CSCuh33240."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-0704",
"datePublished": "2014-03-06T11:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:27:19.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0701
Vulnerability from cvelistv5
Published
2014-03-06 11:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T09:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-0701",
"datePublished": "2014-03-06T11:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:27:19.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3291
Vulnerability from cvelistv5
Published
2014-06-08 16:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/57895 | third-party-advisory, x_refsource_SECUNIA | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3291 | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/67926 | vdb-entry, x_refsource_BID | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=34558 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1030410 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:57.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57895"
},
{
"name": "20140606 Cisco Wireless LAN Controller Cisco Discovery Protocol Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3291"
},
{
"name": "67926",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67926"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34558"
},
{
"name": "1030410",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-13T12:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "57895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57895"
},
{
"name": "20140606 Cisco Wireless LAN Controller Cisco Discovery Protocol Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3291"
},
{
"name": "67926",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67926"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34558"
},
{
"name": "1030410",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57895"
},
{
"name": "20140606 Cisco Wireless LAN Controller Cisco Discovery Protocol Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3291"
},
{
"name": "67926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67926"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34558",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34558"
},
{
"name": "1030410",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3291",
"datePublished": "2014-06-08T16:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:35:57.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0756
Vulnerability from cvelistv5
Published
2015-05-29 15:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032419 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=39041 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:17:32.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032419",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032419"
},
{
"name": "20150527 Cisco Wireless LAN Controller TCP Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1032419",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032419"
},
{
"name": "20150527 Cisco Wireless LAN Controller TCP Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032419",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032419"
},
{
"name": "20150527 Cisco Wireless LAN Controller TCP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-0756",
"datePublished": "2015-05-29T15:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:17:32.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6311
Vulnerability from cvelistv5
Published
2015-10-08 20:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=41249 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1033731 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:15:13.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20151002 Cisco Wireless LAN Controller Devices 802.11i Management Frame Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41249"
},
{
"name": "1033731",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033731"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20151002 Cisco Wireless LAN Controller Devices 802.11i Management Frame Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41249"
},
{
"name": "1033731",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033731"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20151002 Cisco Wireless LAN Controller Devices 802.11i Management Frame Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41249"
},
{
"name": "1033731",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033731"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6311",
"datePublished": "2015-10-08T20:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:15:13.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3832
Vulnerability from cvelistv5
Published
2017-04-06 18:00
Modified
2024-08-05 14:39
Severity ?
EPSS score ?
Summary
A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the GUI web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. Cisco Bug IDs: CSCvb48198.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/97421 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038184 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco Wireless LAN Controller |
Version: Cisco Wireless LAN Controller |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3"
},
{
"name": "97421",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97421"
},
{
"name": "1038184",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Wireless LAN Controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Wireless LAN Controller"
}
]
}
],
"datePublic": "2017-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the GUI web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. Cisco Bug IDs: CSCvb48198."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3"
},
{
"name": "97421",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97421"
},
{
"name": "1038184",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038184"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-3832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Wireless LAN Controller",
"version": {
"version_data": [
{
"version_value": "Cisco Wireless LAN Controller"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the GUI web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. Cisco Bug IDs: CSCvb48198."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3"
},
{
"name": "97421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97421"
},
{
"name": "1038184",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038184"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-3832",
"datePublished": "2017-04-06T18:00:00",
"dateReserved": "2016-12-21T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6375
Vulnerability from cvelistv5
Published
2016-09-12 01:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-1 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1036721 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/92712 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:19.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160831 Cisco Wireless LAN Controller TSM SNMP Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-1"
},
{
"name": "1036721",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036721"
},
{
"name": "92712",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92712"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20160831 Cisco Wireless LAN Controller TSM SNMP Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-1"
},
{
"name": "1036721",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036721"
},
{
"name": "92712",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92712"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160831 Cisco Wireless LAN Controller TSM SNMP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-1"
},
{
"name": "1036721",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036721"
},
{
"name": "92712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92712"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-6375",
"datePublished": "2016-09-12T01:00:00",
"dateReserved": "2016-07-26T00:00:00",
"dateUpdated": "2024-08-06T01:29:19.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9194
Vulnerability from cvelistv5
Published
2017-04-06 18:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97424 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038182 | vdb-entry, x_refsource_SECTRACK | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco Wireless LAN Controller |
Version: Cisco Wireless LAN Controller |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:11.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97424",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97424"
},
{
"name": "1038182",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038182"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Wireless LAN Controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Wireless LAN Controller"
}
]
}
],
"datePublic": "2017-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "97424",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97424"
},
{
"name": "1038182",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038182"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-9194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Wireless LAN Controller",
"version": {
"version_data": [
{
"version_value": "Cisco Wireless LAN Controller"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97424",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97424"
},
{
"name": "1038182",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038182"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-9194",
"datePublished": "2017-04-06T18:00:00",
"dateReserved": "2016-11-06T00:00:00",
"dateUpdated": "2024-08-06T02:42:11.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6699
Vulnerability from cvelistv5
Published
2013-11-22 17:00
Modified
2024-08-06 17:46
Severity ?
EPSS score ?
Summary
The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6699 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131121 Cisco Wireless LAN Controller Buffer Overread Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6699"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20131121 Cisco Wireless LAN Controller Buffer Overread Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6699"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131121 Cisco Wireless LAN Controller Buffer Overread Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6699"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6699",
"datePublished": "2013-11-22T17:00:00",
"dateReserved": "2013-11-07T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6684
Vulnerability from cvelistv5
Published
2013-11-13 15:00
Modified
2024-09-17 01:16
Severity ?
EPSS score ?
Summary
The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6684 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131112 Cisco Wireless LAN Controller HTTP Request Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-13T15:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20131112 Cisco Wireless LAN Controller HTTP Request Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131112 Cisco Wireless LAN Controller HTTP Request Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6684",
"datePublished": "2013-11-13T15:00:00Z",
"dateReserved": "2013-11-07T00:00:00Z",
"dateUpdated": "2024-09-17T01:16:42.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3559
Vulnerability from cvelistv5
Published
2020-09-24 17:51
Modified
2024-11-13 18:01
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-h3DCuLXw | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Aironet Access Point Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:37:54.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200924 Cisco Aironet Access Point Authentication Flood Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-h3DCuLXw"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:23:42.435777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:01:53.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Aironet Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-24T17:51:04",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200924 Cisco Aironet Access Point Authentication Flood Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-h3DCuLXw"
}
],
"source": {
"advisory": "cisco-sa-aironet-dos-h3DCuLXw",
"defect": [
[
"CSCvr68273"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Aironet Access Point Authentication Flood Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-09-24T16:00:00",
"ID": "CVE-2020-3559",
"STATE": "PUBLIC",
"TITLE": "Cisco Aironet Access Point Authentication Flood Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Aironet Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.8",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200924 Cisco Aironet Access Point Authentication Flood Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-h3DCuLXw"
}
]
},
"source": {
"advisory": "cisco-sa-aironet-dos-h3DCuLXw",
"defect": [
[
"CSCvr68273"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3559",
"datePublished": "2020-09-24T17:51:04.117021Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-13T18:01:53.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1141
Vulnerability from cvelistv5
Published
2013-02-28 23:00
Modified
2024-09-16 23:31
Severity ?
EPSS score ?
Summary
The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=28417 | x_refsource_CONFIRM | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1141 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28417"
},
{
"name": "20130227 Cisco Wireless LAN Controller Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1141"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-28T23:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28417"
},
{
"name": "20130227 Cisco Wireless LAN Controller Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1141"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28417",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28417"
},
{
"name": "20130227 Cisco Wireless LAN Controller Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1141"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1141",
"datePublished": "2013-02-28T23:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-16T23:31:40.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0622
Vulnerability from cvelistv5
Published
2015-02-19 00:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the Signature Events Summary page, aka Bug ID CSCus46861.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0622 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:17:32.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150218 Cisco Wireless LAN Controller Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0622"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the Signature Events Summary page, aka Bug ID CSCus46861."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-19T00:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150218 Cisco Wireless LAN Controller Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0622"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the Signature Events Summary page, aka Bug ID CSCus46861."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150218 Cisco Wireless LAN Controller Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0622"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-0622",
"datePublished": "2015-02-19T00:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:17:32.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0706
Vulnerability from cvelistv5
Published
2014-03-06 11:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T09:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-0706",
"datePublished": "2014-03-06T11:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:27:19.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12282
Vulnerability from cvelistv5
Published
2017-11-02 16:00
Modified
2024-08-05 18:36
Severity ?
EPSS score ?
Summary
A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of ANQP query frames by the affected device. An attacker could exploit this vulnerability by sending a malformed ANQP query frame to an affected device that is on an RF-adjacent network. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. This vulnerability affects Cisco Wireless LAN Controllers that are running a vulnerable release of Cisco WLC Software and are configured to support Hotspot 2.0. Cisco Bug IDs: CSCve05779.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/101650 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039724 | vdb-entry, x_refsource_SECTRACK | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc4 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco Wireless LAN Controller |
Version: Cisco Wireless LAN Controller |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:55.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101650",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101650"
},
{
"name": "1039724",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039724"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Wireless LAN Controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Wireless LAN Controller"
}
]
}
],
"datePublic": "2017-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of ANQP query frames by the affected device. An attacker could exploit this vulnerability by sending a malformed ANQP query frame to an affected device that is on an RF-adjacent network. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. This vulnerability affects Cisco Wireless LAN Controllers that are running a vulnerable release of Cisco WLC Software and are configured to support Hotspot 2.0. Cisco Bug IDs: CSCve05779."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "101650",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101650"
},
{
"name": "1039724",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039724"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Wireless LAN Controller",
"version": {
"version_data": [
{
"version_value": "Cisco Wireless LAN Controller"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of ANQP query frames by the affected device. An attacker could exploit this vulnerability by sending a malformed ANQP query frame to an affected device that is on an RF-adjacent network. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. This vulnerability affects Cisco Wireless LAN Controllers that are running a vulnerable release of Cisco WLC Software and are configured to support Hotspot 2.0. Cisco Bug IDs: CSCve05779."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101650"
},
{
"name": "1039724",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039724"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc4",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-12282",
"datePublished": "2017-11-02T16:00:00",
"dateReserved": "2017-08-03T00:00:00",
"dateUpdated": "2024-08-05T18:36:55.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12278
Vulnerability from cvelistv5
Published
2017-11-02 16:00
Modified
2024-08-05 18:36
Severity ?
EPSS score ?
Summary
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials for an affected device could repeatedly poll the affected MIB object IDs (OIDs) and consume available memory on the device. When memory is sufficiently depleted on the device, the device will restart, resulting in a DoS condition. Cisco Bug IDs: CSCvc71674.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039712 | vdb-entry, x_refsource_SECTRACK | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101642 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco Wireless LAN Controller |
Version: Cisco Wireless LAN Controller |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:54.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039712",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039712"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1"
},
{
"name": "101642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Wireless LAN Controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Wireless LAN Controller"
}
]
}
],
"datePublic": "2017-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials for an affected device could repeatedly poll the affected MIB object IDs (OIDs) and consume available memory on the device. When memory is sufficiently depleted on the device, the device will restart, resulting in a DoS condition. Cisco Bug IDs: CSCvc71674."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1039712",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039712"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1"
},
{
"name": "101642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Wireless LAN Controller",
"version": {
"version_data": [
{
"version_value": "Cisco Wireless LAN Controller"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials for an affected device could repeatedly poll the affected MIB object IDs (OIDs) and consume available memory on the device. When memory is sufficiently depleted on the device, the device will restart, resulting in a DoS condition. Cisco Bug IDs: CSCvc71674."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039712",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039712"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1"
},
{
"name": "101642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-12278",
"datePublished": "2017-11-02T16:00:00",
"dateReserved": "2017-08-03T00:00:00",
"dateUpdated": "2024-08-05T18:36:54.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9195
Vulnerability from cvelistv5
Published
2017-04-07 17:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97425 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038188 | vdb-entry, x_refsource_SECTRACK | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco Wireless LAN Controller |
Version: Cisco Wireless LAN Controller |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:11.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97425",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97425"
},
{
"name": "1038188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Wireless LAN Controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Wireless LAN Controller"
}
]
}
],
"datePublic": "2017-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "97425",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97425"
},
{
"name": "1038188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-9195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Wireless LAN Controller",
"version": {
"version_data": [
{
"version_value": "Cisco Wireless LAN Controller"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97425"
},
{
"name": "1038188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038188"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-9195",
"datePublished": "2017-04-07T17:00:00",
"dateReserved": "2016-11-06T00:00:00",
"dateUpdated": "2024-08-06T02:42:11.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6376
Vulnerability from cvelistv5
Published
2016-09-02 00:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet, aka Bug ID CSCuz40263.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036720 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/92716 | vdb-entry, x_refsource_BID | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-2 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:19.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036720"
},
{
"name": "92716",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92716"
},
{
"name": "20160831 Cisco Wireless LAN Controller wIPS Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet, aka Bug ID CSCuz40263."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1036720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036720"
},
{
"name": "92716",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92716"
},
{
"name": "20160831 Cisco Wireless LAN Controller wIPS Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet, aka Bug ID CSCuz40263."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036720",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036720"
},
{
"name": "92716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92716"
},
{
"name": "20160831 Cisco Wireless LAN Controller wIPS Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-6376",
"datePublished": "2016-09-02T00:00:00",
"dateReserved": "2016-07-26T00:00:00",
"dateUpdated": "2024-08-06T01:29:19.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3560
Vulnerability from cvelistv5
Published
2020-09-24 17:50
Modified
2024-11-13 18:02
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Aironet Access Point Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:37:54.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200924 Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:12:51.980714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:02:03.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Aironet Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-24T17:50:59",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200924 Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y"
}
],
"source": {
"advisory": "cisco-sa-aironet-dos-VHr2zG9y",
"defect": [
[
"CSCvr85609",
"CSCvr85614"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-09-24T16:00:00",
"ID": "CVE-2020-3560",
"STATE": "PUBLIC",
"TITLE": "Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Aironet Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200924 Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y"
}
]
},
"source": {
"advisory": "cisco-sa-aironet-dos-VHr2zG9y",
"defect": [
[
"CSCvr85609",
"CSCvr85614"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3560",
"datePublished": "2020-09-24T17:50:59.499854Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-13T18:02:03.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}