Denial of service in Cisco Wireless LAN Controller

Published: 2017-11-02 10:50:17 | Updated: 2017-11-02 11:23:57
Severity Low
Patch available YES
Number of vulnerabilities 2
CVSSv2 3 (AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
2.4 (AV:A/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
CVSSv3 3.6 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE ID CVE-2017-12278
CVE-2017-12275
CWE ID CWE-401
CWE-20
Exploitation vector Network
Public exploit Not available
Vulnerable software Cisco Wireless LAN Controller
Vulnerable software versions Cisco Wireless LAN Controller 8.3(102.15)
Cisco Wireless LAN Controller 8.2(130.202)
Vendor URL Cisco Systems, Inc
Advisory type Public

Security Advisory

1) Memory leak

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers due to a memory leak after the device fails to deallocate a buffer that is used when certain MIBs are polled. A remote attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials can repeatedly poll the affected MIB object IDs (OIDs), consume available memory and cause the system to reload.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website (8.0.152.0, 8.2.164.0, 8.3.132.0, 8.4.100.0).

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1

2) Improper input validation

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers due to due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An adjacent attacker can send a malformed 802.11v BSS Transition Management Response packet and cause the device to reload.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website (8.0.152.0, 8.2.164.0, 8.3.132.0, 8.4.100.0).

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2

Back to List