VAR-201308-0219
Vulnerability from variot - Updated: 2023-12-18 13:49
The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436. The Web Administrator Interface that runs on Cisco Wireless LAN Controller (WLC) devices contains vulnerabilities that can put the device into a service-disruption (device crash) state. The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. An attacker who is authenticated with an account in any of the Full Manager, Read Only, or Lobby Ambassador managers groups can submit a request to the affected device. If the request has missing or malformed values for specific parameters, the device can crash and reboot, which lets an authenticated remote attacker cause a denial of service. These issues are being tracked by Cisco Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436. The vulnerability is caused by the program not properly filtering parameters.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0219",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless lan controller",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "wireless lan controller",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "7.5(.102.0)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12739"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003947"
},
{
"db": "NVD",
"id": "CVE-2013-3474"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-480"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3474"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "62084"
}
],
"trust": 0.3
},
"cve": "CVE-2013-3474",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-3474",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2013-12739",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-63476",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3474",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-12739",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-480",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63476",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12739"
},
{
"db": "VULHUB",
"id": "VHN-63476"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003947"
},
{
"db": "NVD",
"id": "CVE-2013-3474"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-480"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436. The Web Administrator Interface that runs on Cisco Wireless LAN Controller (WLC) devices contains vulnerabilities that can put the device into a service-disruption (device crash) state. The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. An attacker who is authenticated with an account in any of the Full Manager, Read Only, or Lobby Ambassador managers groups can submit a request to the affected device. If the request has missing or malformed values for specific parameters, the device can crash and reboot, which lets an authenticated remote attacker cause a denial of service. \nThese issues are being tracked by Cisco Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436. The vulnerability is caused by the program not properly filtering parameters.",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3474"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003947"
},
{
"db": "CNVD",
"id": "CNVD-2013-12739"
},
{
"db": "BID",
"id": "62084"
},
{
"db": "VULHUB",
"id": "VHN-63476"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3474",
"trust": 3.4
},
{
"db": "BID",
"id": "62084",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "96763",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1028970",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003947",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-480",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-12739",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20130830 CISCO WIRELESS LAN CONTROLLER MULTIPLE PARAMETER HANDLING DENIAL OF SERVICE VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-63476",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12739"
},
{
"db": "VULHUB",
"id": "VHN-63476"
},
{
"db": "BID",
"id": "62084"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003947"
},
{
"db": "NVD",
"id": "CVE-2013-3474"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-480"
}
]
},
"id": "VAR-201308-0219",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12739"
},
{
"db": "VULHUB",
"id": "VHN-63476"
}
],
"trust": 1.2126263
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12739"
}
]
},
"last_update_date": "2023-12-18T13:49:05.727000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Wireless LAN Controller Multiple Parameter Handling Denial of Service Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3474"
},
{
"title": "30618",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30618"
},
{
"title": "Cisco Wireless LAN Controller has multiple patches for denial of service vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/39272"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12739"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003947"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63476"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003947"
},
{
"db": "NVD",
"id": "CVE-2013-3474"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3474"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/62084"
},
{
"trust": 1.1,
"url": "http://osvdb.org/96763"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1028970"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86811"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3474"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3474"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12739"
},
{
"db": "VULHUB",
"id": "VHN-63476"
},
{
"db": "BID",
"id": "62084"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003947"
},
{
"db": "NVD",
"id": "CVE-2013-3474"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-480"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-12739"
},
{
"db": "VULHUB",
"id": "VHN-63476"
},
{
"db": "BID",
"id": "62084"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003947"
},
{
"db": "NVD",
"id": "CVE-2013-3474"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-480"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12739"
},
{
"date": "2013-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-63476"
},
{
"date": "2013-08-30T00:00:00",
"db": "BID",
"id": "62084"
},
{
"date": "2013-09-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003947"
},
{
"date": "2013-08-30T20:55:08.647000",
"db": "NVD",
"id": "CVE-2013-3474"
},
{
"date": "2013-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-480"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12739"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-63476"
},
{
"date": "2013-09-05T00:09:00",
"db": "BID",
"id": "62084"
},
{
"date": "2013-09-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003947"
},
{
"date": "2017-08-29T01:33:23.793000",
"db": "NVD",
"id": "CVE-2013-3474"
},
{
"date": "2013-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-480"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-480"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Wireless LAN Controller Device Web Service disruption in the administrator interface (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003947"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-480"
}
],
"trust": 0.6
}
}