Sign-up

ID

VAR-201403-0206


CVE

CVE-2014-0701


TITLE

Cisco Wireless LAN Controller Service disruption on devices (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001580

DESCRIPTION

Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361. Attackers can exploit this issue to consume excess memory and cause the watchdog process to restart the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuf52361. There is a security vulnerability in Cisco WLC equipment. The vulnerability is caused by the program not releasing memory properly

Trust: 2.52

sources: NVD: CVE-2014-0701 // JVNDB: JVNDB-2014-001580 // CNVD: CNVD-2014-01574 // BID: 65977 // VULHUB: VHN-68194

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-01574

AFFECTED PRODUCTS

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.3

Trust: 2.4

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.2

Trust: 2.4

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.0.220.0

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.3.101.0

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.0

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.0.235.0

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.4.100.60

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.2.110.0

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.4.100.0

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.2.103.0

Trust: 1.6

vendor:ciscomodel:wireless lan controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:wireless lan controller softwarescope:ltversion:7.4

Trust: 0.8

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.4.110.0

Trust: 0.8

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.0.250.0

Trust: 0.8

vendor:ciscomodel:wireless lan controller softwarescope:ltversion:7.0

Trust: 0.8

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.2

Trust: 0.6

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.3

Trust: 0.6

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.4

Trust: 0.6

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.0

Trust: 0.6

sources: CNVD: CNVD-2014-01574 // JVNDB: JVNDB-2014-001580 // CNNVD: CNNVD-201403-133 // NVD: CVE-2014-0701

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0701
value: HIGH

Trust: 1.0

NVD: CVE-2014-0701
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-01574
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201403-133
value: HIGH

Trust: 0.6

VULHUB: VHN-68194
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0701
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-01574
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-68194
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-01574 // VULHUB: VHN-68194 // JVNDB: JVNDB-2014-001580 // CNNVD: CNNVD-201403-133 // NVD: CVE-2014-0701

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-68194 // JVNDB: JVNDB-2014-001580 // NVD: CVE-2014-0701

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-133

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201403-133

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001580

PATCH
title:30830url:http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=30830
Trust: 0.8
title:cisco-sa-20140305-wlcurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc
Trust: 0.8
title:33098url:http://tools.cisco.com/security/center/viewAlert.x?alertId=33098
Trust: 0.8
title:cisco-sa-20140305-wlcurl:http://www.cisco.com/cisco/web/support/JP/112/1122/1122122_cisco-sa-20140305-wlc-j.html
Trust: 0.8
title:Patch for Cisco Wireless LAN Controller Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/44139
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-01574 // 
            
            
            
            JVNDB: JVNDB-2014-001580

EXTERNAL IDS
db:NVDid:CVE-2014-0701
Trust: 3.4
db:BIDid:65977
Trust: 1.0
db:JVNDBid:JVNDB-2014-001580
Trust: 0.8
db:CNNVDid:CNNVD-201403-133
Trust: 0.7
db:CNVDid:CNVD-2014-01574
Trust: 0.6
db:SECUNIAid:57128
Trust: 0.6
db:CISCOid:20140305 MULTIPLE VULNERABILITIES IN CISCO WIRELESS LAN CONTROLLERS
Trust: 0.6
db:SEEBUGid:SSVID-61726
Trust: 0.1
db:VULHUBid:VHN-68194
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-01574 // 
            
            
            
            VULHUB: VHN-68194 // 
            
            
            
            BID: 65977 // 
            
            
            
            JVNDB: JVNDB-2014-001580 // 
            
            
            
            CNNVD: CNNVD-201403-133 // 
            
            
            
            NVD: CVE-2014-0701

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140305-wlc
Trust: 2.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0701
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0701
Trust: 0.8
url:http://secunia.com/advisories/57128
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps6302/products_sub_category_home.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-01574 // 
            
            
            
            VULHUB: VHN-68194 // 
            
            
            
            BID: 65977 // 
            
            
            
            JVNDB: JVNDB-2014-001580 // 
            
            
            
            CNNVD: CNNVD-201403-133 // 
            
            
            
            NVD: CVE-2014-0701

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 65977

SOURCES
db:CNVDid:CNVD-2014-01574
db:VULHUBid:VHN-68194
db:BIDid:65977
db:JVNDBid:JVNDB-2014-001580
db:CNNVDid:CNNVD-201403-133
db:NVDid:CVE-2014-0701

LAST UPDATE DATE
2024-11-23T22:02:13.788000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-01574date:2014-03-17T00:00:00
db:VULHUBid:VHN-68194date:2014-03-07T00:00:00
db:BIDid:65977date:2014-03-05T00:00:00
db:JVNDBid:JVNDB-2014-001580date:2014-03-07T00:00:00
db:CNNVDid:CNNVD-201403-133date:2014-03-10T00:00:00
db:NVDid:CVE-2014-0701date:2024-11-21T02:02:39.977

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-01574date:2014-03-11T00:00:00
db:VULHUBid:VHN-68194date:2014-03-06T00:00:00
db:BIDid:65977date:2014-03-05T00:00:00
db:JVNDBid:JVNDB-2014-001580date:2014-03-07T00:00:00
db:CNNVDid:CNNVD-201403-133date:2014-03-10T00:00:00
db:NVDid:CVE-2014-0701date:2014-03-06T11:55:05.317