Vulnerabilities > CVE-2014-0705 - Resource Management Errors vulnerability in Cisco products

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

cisco

CWE-399

nessus

NVD

Published: 2014-03-06

Updated: 2014-03-07

Summary

The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug ID CSCuh74233.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Wireless LAN Controller Software 7.2 Cisco Wireless LAN Controller Software 7.2.103.0 Cisco Wireless LAN Controller Software 7.2.110.0 Cisco Wireless LAN Controller Software 7.3 Cisco Wireless LAN Controller Software 7.3.101.0 Cisco Wireless LAN Controller Software 7.4.100.0 Cisco Wireless LAN Controller Software 7.4.100.60 Cisco Wireless LAN Controller Software 7.5	8
Hardware	Cisco Cisco Wireless LAN Controller *	1

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20140305-WLC.NASL
description	The remote Cisco Wireless LAN Controller (WLC) is affected by one or more of the following vulnerabilities : - Errors exist related to the handling of specially crafted ethernet 802.11 frames that could allow denial of service attacks. (CSCue87929, CSCuf80681) - An error exists related to the handling of WebAuth logins that could allow denial of service attacks. (CSCuf52361) - An error exists related to the unintended enabling of the HTTP administrative interface on Aironet access points due to flaws in the IOS code pushed to them by the controller. (CSCuf66202) - A memory over-read error exists related to IGMP handling that could allow denial of service attacks. (CSCuh33240) - An error exists related to the multicast listener discovery (MLD) service and malformed MLD version 2 message handling that could allow denial of service attacks. (CSCuh74233)
last seen	2020-04-30
modified	2014-03-14
plugin id	73018
published	2014-03-14
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73018
title	Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20140305-wlc)

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 65982 CVE(CAN) ID: CVE-2014-0705 Cisco WLC 负责全系统的无线LAN功能，例如安全策略、入侵保护、RF管理，服务质量和移动性。 Cisco Wireless LAN Controller的MLD服务没有正确解析畸形MLDv2消息，未经身份验证的远程攻击者可利用此漏洞造成拒绝服务。 0 Cisco Wireless LAN Controller 厂商补丁： Cisco ----- Cisco已经为此发布了一个安全公告（cisco-sa-20140305-wlc）以及相应补丁: cisco-sa-20140305-wlc：Multiple Vulnerabilities in Cisco Wireless LAN Controllers 链接：http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc
id	SSV:61671
last seen	2017-11-19
modified	2014-03-06
published	2014-03-06
reporter	Root
title	Cisco Wireless LAN Controller远程拒绝服务漏洞(CVE-2014-0705)

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc