Vulnslist

find the latest Cisco vulnerabilities

Cisco Wireless LAN Controller Task Name aaaQueueReader Denial of Service Vulnerability

Cisco-SA-20150326-CVE-2015-0679 · Medium · Published · Updated

A vulnerability in the web authentication feature of Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to the improper handling of ill-formed passwords by the web authentication feature used by the affected software. An unauthenticated, adjacent attacker could exploit this vulnerability by submitting ill-formed passwords to an affected device. A successful exploit could cause the device to crash and reload, resulting in a DoS condition. Cisco has confirmed the vulnerability and released software updates. To exploit this vulnerability, an attacker must have access to the same broadcast or collision domain as the targeted device. This access requirement decreases the likelihood of a successful exploit.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators may consider using another authentication method such as authenticating against an LDAP server.

Administrators are advised to monitor affected systems.

CVEsCVE-2015-0679
Cisco Bug IDsCSCui57980
CVSS ScoreBase 5.7
Base 5.7 AV:A/AC:M/Au:N/C:N/I:N/A:C/E:H/RL:OF/RC:C
Product Names From Source
Cisco Wireless LAN Controller (WLC) 7.4.110.0, Cisco Wireless LAN Controller (WLC) 7.3.103.8, Cisco Wireless LAN Controller (WLC)

CSAF Product Statuses

Product Status Source CVE Rows
7.3.103.8 known_affected cisco_csaf CVE-2015-0679 1
7.4.110.0 known_affected cisco_csaf CVE-2015-0679 1

Related Products

Product CVE Evidence
Cisco Wireless LAN Controller (WLC) CVE-2015-0679 Cisco OpenVuln