CVE-2017-3832 - A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software coul

CVE-2017-3832

Summary

A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the GUI web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. Cisco Bug IDs: CSCvb48198.

References

Vulnerable Configurations

cpe:2.3:o:cisco:wireless_lan_controller_firmware:8.3.102.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_firmware:8.3.102.0:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_lan_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_lan_controller:-:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 08-11-2021 - 19:46)
Impact:
Exploitability:

CWE

CWE-755

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	97421
confirm	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3
sectrack	1038184

Last major update

08-11-2021 - 19:46

Published

06-04-2017 - 18:59

Last modified

08-11-2021 - 19:46