CVE-2016-9195 - Resource Management Errors vulnerability in Cisco Wireless LAN Controller 8.3.102.0
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | LOW |
Summary
A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | CISCO |
NASL id | CISCO-SA-20170405-WLC1.NASL |
description | According to its self-reported version, the Cisco Wireless LAN Controller (WLC) software running on the remote device is affected by multiple denial of service vulnerabilities: - A denial of service vulnerability exists in the RADIUS Change of Authorization (CoA) request processing due to improper validation of the RADIUS CoA packet header. An unauthenticated, remote attacker can exploit this, via a specially crafted RADIUS CoA packet, to disconnect connections through the WLC. (CVE-2016-9195) - A denial of service vulnerability exists in the web management interface due to a missing internal handler for a specific request. An unauthenticated, remote attacker can exploit this, by accessing a hidden URL on the web management interface, to cause the device to reload. (CVE-2017-3832) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 99472 |
published | 2017-04-19 |
reporter | This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/99472 |
title | Cisco Wireless LAN Controller Multiple DoS |
References
- http://www.securityfocus.com/bid/97425
- http://www.securitytracker.com/id/1038188
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1