#VU9088 Improper input validation in Cisco Wireless LAN Controller
Vulnerability identifier: #VU9088
Vulnerability risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Cisco Wireless LAN Controller
Hardware solutions /
Firmware
Vendor: Cisco Systems, Inc
Description
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The weakness exists in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An adjacent attacker can send a malformed 802.11v BSS Transition Management Response packet and cause the device to reload.
Successful exploitation of the vulnerability results in denial of service.
Mitigation
Install update from vendor's website (8.0.152.0, 8.2.164.0, 8.3.132.0, 8.4.100.0).
Vulnerable software versions
Cisco Wireless LAN Controller: 8.2.130.202 - 8.3.102.15
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
