CVE-2014-0701 - Resource Management Errors vulnerability in Cisco Wireless LAN Controller Software
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | COMPLETE |
Summary
Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | CISCO |
NASL id | CISCO-SA-20140305-WLC.NASL |
description | The remote Cisco Wireless LAN Controller (WLC) is affected by one or more of the following vulnerabilities : - Errors exist related to the handling of specially crafted ethernet 802.11 frames that could allow denial of service attacks. (CSCue87929, CSCuf80681) - An error exists related to the handling of WebAuth logins that could allow denial of service attacks. (CSCuf52361) - An error exists related to the unintended enabling of the HTTP administrative interface on Aironet access points due to flaws in the IOS code pushed to them by the controller. (CSCuf66202) - A memory over-read error exists related to IGMP handling that could allow denial of service attacks. (CSCuh33240) - An error exists related to the multicast listener discovery (MLD) service and malformed MLD version 2 message handling that could allow denial of service attacks. (CSCuh74233) |
last seen | 2020-04-30 |
modified | 2014-03-14 |
plugin id | 73018 |
published | 2014-03-14 |
reporter | This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/73018 |
title | Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20140305-wlc) |
Seebug
bulletinFamily | exploit |
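description | Bugtraq ID:65977 CVE ID:CVE-2014-0701 Cisco Wireless LAN Controller is responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service, and mobility. A security vulnerability exists in the WebAuth feature of Cisco Wireless LAN Controller that allows an unauthenticated remote attacker to cause the device to reload. Because memory used while processing WebAuth logins is not released, an attacker can submit a large number of WebAuth requests at a high rate, putting the device into an unstable state and consuming a large amount of memory, which causes the device to reboot. 0 Cisco Wireless LAN Controller 7.0 Cisco Wireless LAN Controller 7.2 Cisco Wireless LAN Controller 7.3 Cisco Wireless LAN Controller 7.4 Vendor patch: Cisco ----- Cisco Wireless LAN Controller 7.4.121.0 has fixed this vulnerability; users are advised to download the update: http://www.cisco.com/ |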
id | SSV:61726 |
last seen | 2017-11-19 |
modified | 2014-03-11 |
published | 2014-03-11 |
reporter | Root |
title | Cisco Wireless LAN Controller Denial of Service Vulnerability |