Vulnslist


Multiple Vulnerabilities in Cisco Wireless LAN Controllers

cisco-sa-20140305-wlc · Critical · Published · Updated

The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities:

Cisco Wireless LAN Controller Denial of Service Vulnerability
Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability
Cisco Wireless LAN Controller IGMP Version 3 Denial of Service Vulnerability
Cisco Wireless LAN Controller MLDv2 Denial of Service Vulnerability
Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability
Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability

Cisco has released software updates that address these vulnerabilities.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc

Workarounds

Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability
Administrators may mitigate this issue by configuring Global AP Management Credentials on the affected device. This will disable the defaults and help ensure that unauthorized parties are unable to access the AP via the HTTP interface.

There are no on-device workarounds that mitigate the other vulnerabilities detailed in this document.

Mitigation information for the vulnerability described in this advisory is available in the companion Applied Mitigation Bulletin (AMB) at the following location: Identifying and Mitigating Exploitation of Multiple Vulnerabilities in Cisco Wireless LAN Controllers http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=30830

CVEs: CVE-2014-0701, CVE-2014-0703, CVE-2014-0704, CVE-2014-0705, CVE-2014-0706, CVE-2014-0707
Cisco Bug IDs: CSCue87929, CSCuf52361, CSCuf66202, CSCuf80681, CSCuh33240, CSCuh74233
CVSS Score: Base 7.8
Base 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C
Base 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
Product Names From Source
Cisco Wireless LAN Controller (WLC), Cisco Wireless LAN Controller (WLC) 4.0.196, Cisco Wireless LAN Controller (WLC) 4.0.108, Cisco Wireless LAN Controller (WLC) 4.0.155.5, Cisco Wireless LAN Controller (WLC) 4.0.179.8, Cisco Wireless LAN Controller (WLC) 4.0.179.11, Cisco Wireless LAN Controller (WLC) 4.0.155.0, Cisco Wireless LAN Controller (WLC) 4.0.206.0, Cisco Wireless LAN Controller (WLC) 4.0.217.0, Cisco Wireless LAN Controller (WLC) 4.0.219.0, Cisco Wireless LAN Controller (WLC) Base, Cisco Wireless LAN Controller (WLC) 4.1.181.0, Cisco Wireless LAN Controller (WLC) 4.1.171.0, Cisco Wireless LAN Controller (WLC) 4.1.185.0, Cisco Wireless LAN Controller (WLC) 4.2.61.0, Cisco Wireless LAN Controller (WLC) 4.2.99.0, Cisco Wireless LAN Controller (WLC) 4.2.112.0, Cisco Wireless LAN Controller (WLC) 4.2.130.0, Cisco Wireless LAN Controller (WLC) 4.2.117.0, Cisco Wireless LAN Controller (WLC) 4.2.173.0, Cisco Wireless LAN Controller (WLC) 4.2.174.0, Cisco Wireless LAN Controller (WLC) 4.2.176.0, Cisco Wireless LAN Controller (WLC) 4.2.182.0, Cisco Wireless LAN Controller (WLC) 5.0.148.0, Cisco Wireless LAN Controller (WLC) 5.0.148.2, Cisco Wireless LAN Controller (WLC) 5.1.151.0, Cisco Wireless LAN Controller (WLC) 5.1.152.0, Cisco Wireless LAN Controller (WLC) 5.1.160.0, Cisco Wireless LAN Controller (WLC) 5.2.157.0, Cisco Wireless LAN Controller (WLC) 5.2.169.0, Cisco Wireless LAN Controller (WLC) 6.0.182.0, Cisco Wireless LAN Controller (WLC) 6.0.188.0, Cisco Wireless LAN Controller (WLC) 6.0.196.0, Cisco Wireless LAN Controller (WLC) 6.0.199.4, Cisco Wireless LAN Controller (WLC) 6.0.202.0, Cisco Wireless LAN Controller (WLC) 7.0.98.0, Cisco Wireless LAN Controller (WLC) 7.0.116.0, Cisco Wireless LAN Controller (WLC) 7.0.98.218, Cisco Wireless LAN Controller (WLC) 7.0.220.0, Cisco Wireless LAN Controller (WLC) 7.1.91.0, Cisco Wireless LAN Controller (WLC) 7.2.103.0, Cisco Wireless LAN Controller (WLC) 7.4.100.0, Cisco Wireless LAN Controller (WLC) 7.4.100.60, Cisco Wireless LAN Controller (WLC) 7.4.110.0, Cisco Wireless LAN Controller (WLC) 7.3.101.0, Cisco Wireless LAN Controller (WLC) 7.3.112.0, Cisco Wireless LAN Controller (WLC) 7.5.102.0

Related Products

Product | CVE | Evidence
Cisco RV Series Routers | CVE-2014-0707 | Cisco OpenVuln
Cisco RV Series Routers | CVE-2014-0706 | Cisco OpenVuln
Cisco RV Series Routers | CVE-2014-0705 | Cisco OpenVuln
Cisco RV Series Routers | CVE-2014-0704 | Cisco OpenVuln
Cisco RV Series Routers | CVE-2014-0703 | Cisco OpenVuln
Cisco RV Series Routers | CVE-2014-0701 | Cisco OpenVuln
Cisco Wireless LAN Controller (WLC) | CVE-2014-0707 | Cisco OpenVuln
Cisco Wireless LAN Controller (WLC) | CVE-2014-0706 | Cisco OpenVuln
Cisco Wireless LAN Controller (WLC) | CVE-2014-0705 | Cisco OpenVuln
Cisco Wireless LAN Controller (WLC) | CVE-2014-0704 | Cisco OpenVuln
Cisco Wireless LAN Controller (WLC) | CVE-2014-0703 | Cisco OpenVuln
Cisco Wireless LAN Controller (WLC) | CVE-2014-0701 | Cisco OpenVuln