Vulnerabilities > CVE-2014-0701 - Resource Management Errors vulnerability in Cisco Wireless LAN Controller Software

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

cisco

CWE-399

nessus

NVD

Published: 2014-03-06

Updated: 2014-03-07

Summary

Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Wireless LAN Controller Software 7.0 Cisco Wireless LAN Controller Software 7.0.220.0 Cisco Wireless LAN Controller Software 7.0.235.0 Cisco Wireless LAN Controller Software 7.2 Cisco Wireless LAN Controller Software 7.2.103.0 Cisco Wireless LAN Controller Software 7.2.110.0 Cisco Wireless LAN Controller Software 7.3 Cisco Wireless LAN Controller Software 7.3.101.0 Cisco Wireless LAN Controller Software 7.4.100.0 Cisco Wireless LAN Controller Software 7.4.100.60	10
Hardware	Cisco Cisco Wireless LAN Controller *	1

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20140305-WLC.NASL
description	The remote Cisco Wireless LAN Controller (WLC) is affected by one or more of the following vulnerabilities : - Errors exist related to the handling of specially crafted ethernet 802.11 frames that could allow denial of service attacks. (CSCue87929, CSCuf80681) - An error exists related to the handling of WebAuth logins that could allow denial of service attacks. (CSCuf52361) - An error exists related to the unintended enabling of the HTTP administrative interface on Aironet access points due to flaws in the IOS code pushed to them by the controller. (CSCuf66202) - A memory over-read error exists related to IGMP handling that could allow denial of service attacks. (CSCuh33240) - An error exists related to the multicast listener discovery (MLD) service and malformed MLD version 2 message handling that could allow denial of service attacks. (CSCuh74233)
last seen	2020-04-30
modified	2014-03-14
plugin id	73018
published	2014-03-14
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73018
title	Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20140305-wlc)

Seebug

bulletinFamily	exploit
description	Bugtraq ID:65977 CVE ID:CVE-2014-0701 Cisco Wireless LAN Controller负责全系统的无线LAN功能，例如安全策略、入侵保护、RF管理，服务质量和移动性。 Cisco Wireless LAN Controller WebAuth功能存在安全漏洞，允许未验证远程攻击者使设备重载。由于处理WebAuth登录过程中未能释放使用的内存，允许攻击者高速提交大量WebAuth请求，可使设备进行不稳定状态，消耗大量内存造成设备重启。 0 Cisco Wireless LAN Controller 7.0 Cisco Wireless LAN Controller 7.2 Cisco Wireless LAN Controller 7.3 Cisco Wireless LAN Controller 7.4 厂商补丁： Cisco ----- Cisco Wireless LAN Controller 7.4.121.0已经修复该漏洞，建议用户下载更新： http://www.cisco.com/
id	SSV:61726
last seen	2017-11-19
modified	2014-03-11
published	2014-03-11
reporter	Root
title	Cisco Wireless LAN Controller拒绝服务漏洞

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc