Denial of service in Cisco Wireless LAN Controller
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2017-12278 CVE-2017-12275 |
| CWE-ID | CWE-401 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cisco Wireless LAN Controller Hardware solutions / Firmware |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU9087
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12278
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers due to a memory leak after the device fails to deallocate a buffer that is used when certain MIBs are polled. A remote attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials can repeatedly poll the affected MIB object IDs (OIDs), consume available memory and cause the system to reload.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website (8.0.152.0, 8.2.164.0, 8.3.132.0, 8.4.100.0).
Vulnerable software versionsCisco Wireless LAN Controller: 8.2.130.202 - 8.3.102.15
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU9088
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12275
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The weakness exists in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An adjacent attacker can send a malformed 802.11v BSS Transition Management Response packet and cause the device to reload.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website (8.0.152.0, 8.2.164.0, 8.3.132.0, 8.4.100.0).
Vulnerable software versionsCisco Wireless LAN Controller: 8.2.130.202 - 8.3.102.15
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
