
Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability

cisco-sa-20171101-wlc1 · High · Published · Updated

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition.

The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials for an affected device could repeatedly poll the affected MIB object IDs (OIDs) and consume available memory on the device. When memory is sufficiently depleted on the device, the device will restart, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2017-12278
Cisco Bug IDs: CSCvc71674
CVSS Score: Base 7.7
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Wireless LAN Controller (WLC) 7.0.98.0, Cisco Wireless LAN Controller (WLC) 7.0.116.0, Cisco Wireless LAN Controller (WLC) 7.0.98.218, Cisco Wireless LAN Controller (WLC) 7.0.220.0, Cisco Wireless LAN Controller (WLC) 7.0.240.0, Cisco Wireless LAN Controller (WLC) 7.0.250.0, Cisco Wireless LAN Controller (WLC) 7.0.252.0, Cisco Wireless LAN Controller (WLC) 7.0.230.0, Cisco Wireless LAN Controller (WLC) 7.0.235.0, Cisco Wireless LAN Controller (WLC) 7.0.235.3, Cisco Wireless LAN Controller (WLC) 7.0.251.2, Cisco Wireless LAN Controller (WLC) 7.1.91.0, Cisco Wireless LAN Controller (WLC) 7.2.103.0, Cisco Wireless LAN Controller (WLC) 7.2.110.0, Cisco Wireless LAN Controller (WLC) 7.2.111.3, Cisco Wireless LAN Controller (WLC) 7.2.115.2, Cisco Wireless LAN Controller (WLC) 7.4.100.0, Cisco Wireless LAN Controller (WLC) 7.4.100.60, Cisco Wireless LAN Controller (WLC) 7.4.110.0, Cisco Wireless LAN Controller (WLC) 7.4.121.0, Cisco Wireless LAN Controller (WLC) 7.4.140.0, Cisco Wireless LAN Controller (WLC) 7.4.130.0, Cisco Wireless LAN Controller (WLC) 7.4.150.0, Cisco Wireless LAN Controller (WLC) 7.3.101.0, Cisco Wireless LAN Controller (WLC) 7.3.112.0, Cisco Wireless LAN Controller (WLC) 7.5.102.0, Cisco Wireless LAN Controller (WLC) 7.6.100.0, Cisco Wireless LAN Controller (WLC) 7.6.120.0, Cisco Wireless LAN Controller (WLC) 7.6.110.0, Cisco Wireless LAN Controller (WLC) 7.6.130.0, Cisco Wireless LAN Controller (WLC) 8.0.100.0, Cisco Wireless LAN Controller (WLC) 8.0.115.0, Cisco Wireless LAN Controller (WLC) 8.0.120.0, Cisco Wireless LAN Controller (WLC) 8.0.121.0, Cisco Wireless LAN Controller (WLC) 8.0.135.0, Cisco Wireless LAN Controller (WLC) 8.0.133.0, Cisco Wireless LAN Controller (WLC) 8.0.132.0, Cisco Wireless LAN Controller (WLC) 8.0.110.0, Cisco Wireless LAN Controller (WLC) 8.0.140.0, Cisco Wireless LAN Controller (WLC) 8.1.111.0, Cisco Wireless LAN Controller (WLC) 8.1.131.0, Cisco Wireless LAN Controller (WLC) 8.1.122.0, Cisco Wireless LAN Controller (WLC) 8.1.130.0, Cisco Wireless LAN Controller (WLC) 8.1.102.0, Cisco Wireless LAN Controller (WLC) 8.1.132.0, Cisco Wireless LAN Controller (WLC) 8.3.102.0, Cisco Wireless LAN Controller (WLC) 8.3.111.0, Cisco Wireless LAN Controller (WLC) 8.3.112.0, Cisco Wireless LAN Controller (WLC) 8.2.121.0, Cisco Wireless LAN Controller (WLC) 8.2.130.0, Cisco Wireless LAN Controller (WLC) 8.2.100.0, Cisco Wireless LAN Controller (WLC) 8.2.110.0, Cisco Wireless LAN Controller (WLC) 8.2.111.0, Cisco Wireless LAN Controller (WLC) 8.2.141.0, Cisco Wireless LAN Controller (WLC) 8.2.151.0, Cisco Wireless LAN Controller (WLC)

Related Products

Product | CVE | Evidence
Cisco RV Series Routers | CVE-2017-12278 | Cisco OpenVuln
Cisco Nexus Dashboard | CVE-2017-12278 | Cisco OpenVuln
Cisco Wireless LAN Controller (WLC) | CVE-2017-12278 | Cisco OpenVuln