CVE-2014-0703 - Race Condition vulnerability in Cisco products

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, cisco, CWE-362, critical, nessus

Summary

Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Nessus

NASL family: CISCO
NASL id: CISCO-SA-20140305-WLC.NASL
description: The remote Cisco Wireless LAN Controller (WLC) is affected by one or more of the following vulnerabilities:
  • Errors exist related to the handling of specially crafted ethernet 802.11 frames that could allow denial of service attacks. (CSCue87929, CSCuf80681)
  • An error exists related to the handling of WebAuth logins that could allow denial of service attacks. (CSCuf52361)
  • An error exists related to the unintended enabling of the HTTP administrative interface on Aironet access points due to flaws in the IOS code pushed to them by the controller. (CSCuf66202)
  • A memory over-read error exists related to IGMP handling that could allow denial of service attacks. (CSCuh33240)
  • An error exists related to the multicast listener discovery (MLD) service and malformed MLD version 2 message handling that could allow denial of service attacks. (CSCuh74233)
last seen: 2020-04-30
modified: 2014-03-14
plugin id: 73018
published: 2014-03-14
reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/73018
title: Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20140305-wlc)

Seebug

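bulletinFamily: exploit
description: BUGTRAQ ID: 65983. CVE(CAN) ID: CVE-2014-0703. Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. The IOS code that Cisco Wireless LAN Controller pushes to Cisco Aironet 1260, 2600, 3500, and 3600 series access points contains a security vulnerability that an unauthenticated remote attacker can exploit to gain unauthorized access to affected devices. The vulnerability stems from a race condition error: the administrative HTTP server on affected access points remains enabled even though the administrator has disabled it.
0 Cisco Wireless LAN Controller
Vendor patch: Cisco. Cisco has released a security advisory (cisco-sa-20140305-wlc) and corresponding patches for this issue: cisco-sa-20140305-wlc: Multiple Vulnerabilities in Cisco Wireless LAN Controllers. Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc
id: SSV:61689
last seen: 2017-11-19
modified: 2014-03-07
published: 2014-03-07
reporter: Root
title: Cisco Wireless LAN Controller Remote Unauthorized Access Vulnerability (CVE-2014-0703)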