var-201308-0219
Vulnerability from variot

The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436. In other words, the Web Administrator interface running on Cisco Wireless LAN Controller (WLC) devices contains vulnerabilities that can cause a service disruption (device crash). The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. An attacker who is authenticated with an account in any of the Full Manager, Read Only, or Lobby Ambassador managers groups can submit a request to the affected device. If the request contains missing or malformed values for specific parameters, it can cause the device to crash and reboot, so an authenticated remote attacker can exploit this vulnerability to cause a denial of service. These issues are being tracked by Cisco Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436. The vulnerability is caused by the program not properly filtering parameters. The aggregated record below classifies the weakness as CWE-119 (buffer overflow) and carries an NVD CVSS v2 base score of 6.3 (AV:N/AC:M/Au:S/C:N/I:N/A:C): the impact is on availability only, and valid manager-group credentials are required.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201308-0219",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wireless lan controller",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "wireless lan controller",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.5(.102.0)"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12739"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003947"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3474"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-480"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-3474"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "62084"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-3474",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-3474",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2013-12739",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-63476",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-3474",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-12739",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201308-480",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-63476",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12739"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003947"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3474"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-480"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436. Cisco Wireless LAN Controller (WLC) Runs on the device Web Administrator interface includes service disruption ( Device crash ) There are vulnerabilities that are put into a state. The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. An attacker with any Full Manager, Read Only, and Lobby Ambassador manager group member accounts is authenticated and submits a request to the affected device. The request contains missing values or malformed values for specific parameters, which can cause the device to reboot. When it crashes, an authenticated remote attacker can exploit this vulnerability to cause a denial of service. \nThese issues are being tracked by Cisco Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436. The vulnerability is caused by the program not properly filtering parameters",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-3474"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003947"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-12739"
      },
      {
        "db": "BID",
        "id": "62084"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63476"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-3474",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "62084",
        "trust": 2.0
      },
      {
        "db": "OSVDB",
        "id": "96763",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1028970",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003947",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-480",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-12739",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20130830 CISCO WIRELESS LAN CONTROLLER MULTIPLE PARAMETER HANDLING DENIAL OF SERVICE VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-63476",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12739"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63476"
      },
      {
        "db": "BID",
        "id": "62084"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003947"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3474"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-480"
      }
    ]
  },
  "id": "VAR-201308-0219",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12739"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63476"
      }
    ],
    "trust": 1.2126263
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12739"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:49:05.727000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco Wireless LAN Controller Multiple Parameter Handling Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3474"
      },
      {
        "title": "30618",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30618"
      },
      {
        "title": "Cisco Wireless LAN Controller has multiple patches for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/39272"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12739"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003947"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003947"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3474"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3474"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/62084"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/96763"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1028970"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86811"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3474"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3474"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12739"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63476"
      },
      {
        "db": "BID",
        "id": "62084"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003947"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3474"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-480"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12739"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63476"
      },
      {
        "db": "BID",
        "id": "62084"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003947"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3474"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-480"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-12739"
      },
      {
        "date": "2013-08-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63476"
      },
      {
        "date": "2013-08-30T00:00:00",
        "db": "BID",
        "id": "62084"
      },
      {
        "date": "2013-09-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003947"
      },
      {
        "date": "2013-08-30T20:55:08.647000",
        "db": "NVD",
        "id": "CVE-2013-3474"
      },
      {
        "date": "2013-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-480"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-12739"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63476"
      },
      {
        "date": "2013-09-05T00:09:00",
        "db": "BID",
        "id": "62084"
      },
      {
        "date": "2013-09-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003947"
      },
      {
        "date": "2017-08-29T01:33:23.793000",
        "db": "NVD",
        "id": "CVE-2013-3474"
      },
      {
        "date": "2013-09-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-480"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-480"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Wireless LAN Controller Device  Web Service disruption in the administrator interface  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003947"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-480"
      }
    ],
    "trust": 0.6
  }
}

