Memory leak in Cisco Wireless LAN Controller - CVE-2017-12278
Published: November 2, 2017
Vulnerability identifier: #VU9087
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12278
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Wireless LAN Controller
Cisco Wireless LAN Controller
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers due to a memory leak after the device fails to deallocate a buffer that is used when certain MIBs are polled. A remote attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials can repeatedly poll the affected MIB object IDs (OIDs), consume available memory and cause the system to reload.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers due to a memory leak after the device fails to deallocate a buffer that is used when certain MIBs are polled. A remote attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials can repeatedly poll the affected MIB object IDs (OIDs), consume available memory and cause the system to reload.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-12278
Install update from vendor's website (8.0.152.0, 8.2.164.0, 8.3.132.0, 8.4.100.0).