Vulnerabilities > CVE-2014-0705 - Resource Management Errors vulnerability in Cisco products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug ID CSCuh74233.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | CISCO |
NASL id | CISCO-SA-20140305-WLC.NASL |
description | The remote Cisco Wireless LAN Controller (WLC) is affected by one or more of the following vulnerabilities : - Errors exist related to the handling of specially crafted ethernet 802.11 frames that could allow denial of service attacks. (CSCue87929, CSCuf80681) - An error exists related to the handling of WebAuth logins that could allow denial of service attacks. (CSCuf52361) - An error exists related to the unintended enabling of the HTTP administrative interface on Aironet access points due to flaws in the IOS code pushed to them by the controller. (CSCuf66202) - A memory over-read error exists related to IGMP handling that could allow denial of service attacks. (CSCuh33240) - An error exists related to the multicast listener discovery (MLD) service and malformed MLD version 2 message handling that could allow denial of service attacks. (CSCuh74233) |
last seen | 2020-04-30 |
modified | 2014-03-14 |
plugin id | 73018 |
published | 2014-03-14 |
reporter | This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/73018 |
title | Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20140305-wlc) |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 65982 CVE(CAN) ID: CVE-2014-0705 Cisco WLC 负责全系统的无线LAN功能,例如安全策略、入侵保护、RF管理,服务质量和移动性。 Cisco Wireless LAN Controller的MLD服务没有正确解析畸形MLDv2消息,未经身份验证的远程攻击者可利用此漏洞造成拒绝服务。 0 Cisco Wireless LAN Controller 厂商补丁: Cisco ----- Cisco已经为此发布了一个安全公告(cisco-sa-20140305-wlc)以及相应补丁: cisco-sa-20140305-wlc:Multiple Vulnerabilities in Cisco Wireless LAN Controllers 链接:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc |
id | SSV:61671 |
last seen | 2017-11-19 |
modified | 2014-03-06 |
published | 2014-03-06 |
reporter | Root |
title | Cisco Wireless LAN Controller远程拒绝服务漏洞(CVE-2014-0705) |