CVE-2014-0701 - Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0

CVE-2014-0701

Summary

Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc

Vulnerable Configurations

cpe:2.3:o:cisco:wireless_lan_controller_software:7.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.220.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.220.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.235.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.235.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.103.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.103.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.110.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.110.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.3.101.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.3.101.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.60:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.60:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 07-03-2014 - 19:50)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

cisco

20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Last major update

07-03-2014 - 19:50

Published

06-03-2014 - 11:55

Last modified

07-03-2014 - 19:50