Vulnerabilities > CVE-2014-0706 - Resource Management Errors vulnerability in Cisco products

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

cisco

CWE-399

nessus

NVD

Published: 2014-03-06

Updated: 2014-03-07

Summary

Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Wireless LAN Controller Software 7.2 Cisco Wireless LAN Controller Software 7.2.103.0 Cisco Wireless LAN Controller Software 7.2.110.0 Cisco Wireless LAN Controller Software 7.3 Cisco Wireless LAN Controller Software 7.3.101.0 Cisco Wireless LAN Controller Software 7.4.100.0 Cisco Wireless LAN Controller Software 7.4.100.60	7
Hardware	Cisco Cisco Wireless LAN Controller *	1

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20140305-WLC.NASL
description	The remote Cisco Wireless LAN Controller (WLC) is affected by one or more of the following vulnerabilities : - Errors exist related to the handling of specially crafted ethernet 802.11 frames that could allow denial of service attacks. (CSCue87929, CSCuf80681) - An error exists related to the handling of WebAuth logins that could allow denial of service attacks. (CSCuf52361) - An error exists related to the unintended enabling of the HTTP administrative interface on Aironet access points due to flaws in the IOS code pushed to them by the controller. (CSCuf66202) - A memory over-read error exists related to IGMP handling that could allow denial of service attacks. (CSCuh33240) - An error exists related to the multicast listener discovery (MLD) service and malformed MLD version 2 message handling that could allow denial of service attacks. (CSCuh74233)
last seen	2020-04-30
modified	2014-03-14
plugin id	73018
published	2014-03-14
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73018
title	Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20140305-wlc)

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 65985 CVE(CAN) ID: CVE-2014-0706 Cisco WLC 负责全系统的无线LAN功能，例如安全策略、入侵保护、RF管理，服务质量和移动性。 Cisco Wireless LAN Controller没有正确处理 Ethernet 802.11 帧，未经身份验证的远程攻击者可触发关键错误，造成拒绝服务。 0 Cisco Wireless LAN Controller 厂商补丁： Cisco ----- Cisco已经为此发布了一个安全公告（cisco-sa-20140305-wlc）以及相应补丁: cisco-sa-20140305-wlc：Multiple Vulnerabilities in Cisco Wireless LAN Controllers 链接：http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc
id	SSV:61688
last seen	2017-11-19
modified	2014-03-07
published	2014-03-07
reporter	Root
title	Cisco Wireless LAN Controller远程拒绝服务漏洞(CVE-2014-0706)

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc