ID

VAR-201308-0219


CVE

CVE-2013-3474


TITLE

Denial-of-Service (DoS) Vulnerabilities in the Web Administrator Interface on Cisco Wireless LAN Controller Devices

Trust: 0.8

sources: JVNDB: JVNDB-2013-003947

DESCRIPTION

The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436. The Web Administrator interface that runs on Cisco Wireless LAN Controller (WLC) devices contains vulnerabilities that can result in service disruption (device crash). The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. An attacker who is authenticated with an account that is a member of the Full Manager, Read Only, or Lobby Ambassador managers group can submit a request to the affected device. If the request contains missing or malformed values for specific parameters, it can cause the device to reboot. An authenticated remote attacker can exploit this vulnerability to crash the device, causing a denial of service. These issues are being tracked by Cisco Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436. The vulnerability is caused by the program not properly filtering parameters.

Trust: 2.52

sources: NVD: CVE-2013-3474 // JVNDB: JVNDB-2013-003947 // CNVD: CNVD-2013-12739 // BID: 62084 // VULHUB: VHN-63476

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-12739

AFFECTED PRODUCTS

vendor: cisco, model: wireless lan controller, scope: -, version: -

Trust: 1.2

vendor: cisco, model: wireless lan controller, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: wireless lan controller, scope: lte, version: 7.5(.102.0)

Trust: 0.8

sources: CNVD: CNVD-2013-12739 // JVNDB: JVNDB-2013-003947 // CNNVD: CNNVD-201308-480 // NVD: CVE-2013-3474

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3474
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3474
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-12739
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201308-480
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63476
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3474
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-12739
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-63476
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-12739 // VULHUB: VHN-63476 // JVNDB: JVNDB-2013-003947 // CNNVD: CNNVD-201308-480 // NVD: CVE-2013-3474

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-63476 // JVNDB: JVNDB-2013-003947 // NVD: CVE-2013-3474

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-480

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201308-480

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003947

PATCH

title: Cisco Wireless LAN Controller Multiple Parameter Handling Denial of Service Vulnerability
url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3474

Trust: 0.8

title: 30618
url: http://tools.cisco.com/security/center/viewAlert.x?alertId=30618

Trust: 0.8

title: Cisco Wireless LAN Controller has multiple patches for denial of service vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/39272

Trust: 0.6

sources: CNVD: CNVD-2013-12739 // JVNDB: JVNDB-2013-003947

EXTERNAL IDS

db: NVD, id: CVE-2013-3474

Trust: 3.4

db: BID, id: 62084

Trust: 2.0

db: OSVDB, id: 96763

Trust: 1.1

db: SECTRACK, id: 1028970

Trust: 1.1

db: JVNDB, id: JVNDB-2013-003947

Trust: 0.8

db: CNNVD, id: CNNVD-201308-480

Trust: 0.7

db: CNVD, id: CNVD-2013-12739

Trust: 0.6

db: CISCO, id: 20130830 CISCO WIRELESS LAN CONTROLLER MULTIPLE PARAMETER HANDLING DENIAL OF SERVICE VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-63476

Trust: 0.1

sources: CNVD: CNVD-2013-12739 // VULHUB: VHN-63476 // BID: 62084 // JVNDB: JVNDB-2013-003947 // CNNVD: CNNVD-201308-480 // NVD: CVE-2013-3474

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3474

Trust: 2.3

url:http://www.securityfocus.com/bid/62084

Trust: 1.1

url:http://osvdb.org/96763

Trust: 1.1

url:http://www.securitytracker.com/id/1028970

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/86811

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3474

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3474

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2013-12739 // VULHUB: VHN-63476 // BID: 62084 // JVNDB: JVNDB-2013-003947 // CNNVD: CNNVD-201308-480 // NVD: CVE-2013-3474

CREDITS

Cisco

Trust: 0.3

sources: BID: 62084

SOURCES

db: CNVD, id: CNVD-2013-12739
db: VULHUB, id: VHN-63476
db: BID, id: 62084
db: JVNDB, id: JVNDB-2013-003947
db: CNNVD, id: CNNVD-201308-480
db: NVD, id: CVE-2013-3474

LAST UPDATE DATE

2024-08-14T14:21:17.182000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-12739, date: 2013-09-03T00:00:00
db: VULHUB, id: VHN-63476, date: 2017-08-29T00:00:00
db: BID, id: 62084, date: 2013-09-05T00:09:00
db: JVNDB, id: JVNDB-2013-003947, date: 2013-09-04T00:00:00
db: CNNVD, id: CNNVD-201308-480, date: 2013-09-11T00:00:00
db: NVD, id: CVE-2013-3474, date: 2017-08-29T01:33:23.793

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-12739, date: 2013-09-03T00:00:00
db: VULHUB, id: VHN-63476, date: 2013-08-30T00:00:00
db: BID, id: 62084, date: 2013-08-30T00:00:00
db: JVNDB, id: JVNDB-2013-003947, date: 2013-09-04T00:00:00
db: CNNVD, id: CNNVD-201308-480, date: 2013-08-30T00:00:00
db: NVD, id: CVE-2013-3474, date: 2013-08-30T20:55:08.647