SB2017110210 - Denial of service in Cisco Wireless LAN Controller
Published: November 2, 2017
Security Bulletin ID
SB2017110210
CSH Severity
Low
Patch available
NO
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Partial DoS
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2017-12280)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an remote attacker to cause DoS condition on the target system.
The weakness exists in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers due to incomplete input validation of fields in CAPWAP Discovery Request packets. An remote attacker can send a specially crafted CAPWAP Discovery Request packets and cause the device to reload.
Successful exploitation of the vulnerability results in denial of service.
2) Improper input validation (CVE-ID: CVE-2017-12282)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an Layer 2 RF-adjacent attacker to cause DoS condition on the target system.
The weakness exists in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers due to incomplete input validation of of ANQP query frames. An remote attacker can send a malformed ANQP query frame that is on an RF-adjacent network and cause the device to restart.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.