Details of VAR-201305-0112

ID

VAR-201305-0112

CVE

CVE-2013-1235

TITLE

Cisco Wireless LAN Controller Service disruption on devices (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002564

DESCRIPTION

Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507. The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. A security vulnerability exists in the Cisco Wireless LAN Controller. Allows an unauthenticated remote attacker to cause a denial of service for a remote login Telnet session. This vulnerability stems from an application that incorrectly releases an unexpectedly terminated remote login session resource, which can result in the exhaustion of an available Telnet session. This issue is being tracked by Cisco Bug ID CSCug35507

Trust: 2.52

sources: NVD: CVE-2013-1235 // JVNDB: JVNDB-2013-002564 // CNVD: CNVD-2013-04916 // BID: 59653 // VULHUB: VHN-61237

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-04916

AFFECTED PRODUCTS

vendor:	cisco	model:	2106 wireless lan controller	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	7500 wireless lan controller	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	5500 wireless lan controller	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	8500 wireless lan controller	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	4402 wireless lan controller	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	4404 wireless lan controller	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	2504 wireless lan controller	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	4404 wireless lan controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	4400 wireless lan controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	2500 wireless lan controller	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	2125 wireless lan controller	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	2100 wireless lan controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	airespace 4000 wireless lan controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	4402 wireless lan controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	2000 wireless lan controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	2112 wireless lan controller	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	4100 wireless lan controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	2000 series wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	2100 series wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	2106 wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	2112 wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	2125 wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	2500 series wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	2504 wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	4100 series wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	4400 series wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	5500 series wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	7500 series wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	8500 series wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	airespace 4000 series wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wireless lan controller software	scope:	lte	version:	7.4(1.54)	Trust: 0.8
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.x	Trust: 0.6
vendor:	cisco	model:	airespace 4000 wireless lan controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	4400 wireless lan controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	2100 wireless lan controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	4100 wireless lan controller	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2013-04916 // JVNDB: JVNDB-2013-002564 // CNNVD: CNNVD-201305-089 // NVD: CVE-2013-1235

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1235
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1235
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-04916
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201305-089
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61237
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1235
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-04916
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-61237
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-04916 // VULHUB: VHN-61237 // JVNDB: JVNDB-2013-002564 // CNNVD: CNNVD-201305-089 // NVD: CVE-2013-1235

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2013-002564 // NVD: CVE-2013-1235

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-089

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 59653

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002564

PATCH

title:	Cisco Wireless LAN Controller Telnet Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1235	Trust: 0.8
title:	29209	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29209	Trust: 0.8
title:	Patch for Cisco Wireless LAN Controller Telnet Remote Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/33824	Trust: 0.6

sources: CNVD: CNVD-2013-04916 // JVNDB: JVNDB-2013-002564

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1235	Trust: 3.4
db:	BID	id:	59653	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002564	Trust: 0.8
db:	CNNVD	id:	CNNVD-201305-089	Trust: 0.7
db:	SECUNIA	id:	53338	Trust: 0.6
db:	CNVD	id:	CNVD-2013-04916	Trust: 0.6
db:	CISCO	id:	20130503 CISCO WIRELESS LAN CONTROLLER TELNET DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-61237	Trust: 0.1

sources: CNVD: CNVD-2013-04916 // VULHUB: VHN-61237 // BID: 59653 // JVNDB: JVNDB-2013-002564 // CNNVD: CNNVD-201305-089 // NVD: CVE-2013-1235

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1235	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1235	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1235	Trust: 0.8
url:	http://secunia.com/advisories/53338/	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2013-04916 // VULHUB: VHN-61237 // BID: 59653 // JVNDB: JVNDB-2013-002564 // CNNVD: CNNVD-201305-089 // NVD: CVE-2013-1235

CREDITS

Cisco

Trust: 0.3

sources: BID: 59653

SOURCES

db:	CNVD	id:	CNVD-2013-04916
db:	VULHUB	id:	VHN-61237
db:	BID	id:	59653
db:	JVNDB	id:	JVNDB-2013-002564
db:	CNNVD	id:	CNNVD-201305-089
db:	NVD	id:	CVE-2013-1235

LAST UPDATE DATE

2024-11-23T22:39:05.324000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-04916	date:	2013-05-08T00:00:00
db:	VULHUB	id:	VHN-61237	date:	2013-05-06T00:00:00
db:	BID	id:	59653	date:	2013-05-24T17:54:00
db:	JVNDB	id:	JVNDB-2013-002564	date:	2013-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201305-089	date:	2013-05-17T00:00:00
db:	NVD	id:	CVE-2013-1235	date:	2024-11-21T01:49:10.087

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-04916	date:	2013-05-08T00:00:00
db:	VULHUB	id:	VHN-61237	date:	2013-05-04T00:00:00
db:	BID	id:	59653	date:	2013-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2013-002564	date:	2013-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201305-089	date:	2013-05-17T00:00:00
db:	NVD	id:	CVE-2013-1235	date:	2013-05-04T03:24:41.720