Details of VAR-201403-0211

ID

VAR-201403-0211

CVE

CVE-2014-0707

TITLE

Cisco Wireless LAN Controller Denial of service on device (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001585

DESCRIPTION

Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681. Attackers can exploit this issue to cause the affected device to restart, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuf80681

Trust: 2.52

sources: NVD: CVE-2014-0707 // JVNDB: JVNDB-2014-001585 // CNVD: CNVD-2014-01541 // BID: 65986 // VULHUB: VHN-68200

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01541

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.3	Trust: 2.4
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.2	Trust: 2.4
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.3.101.0	Trust: 1.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.4.100.60	Trust: 1.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.2.110.0	Trust: 1.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.4.100.0	Trust: 1.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.2.103.0	Trust: 1.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	7.4	Trust: 0.8
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.4.110.0	Trust: 0.8
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.2	Trust: 0.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.3	Trust: 0.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.4	Trust: 0.6

sources: CNVD: CNVD-2014-01541 // JVNDB: JVNDB-2014-001585 // CNNVD: CNNVD-201403-138 // NVD: CVE-2014-0707

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0707
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0707
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-01541
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201403-138
value:	HIGH
Trust: 0.6
VULHUB:	VHN-68200
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0707
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01541
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-68200
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-01541 // VULHUB: VHN-68200 // JVNDB: JVNDB-2014-001585 // CNNVD: CNNVD-201403-138 // NVD: CVE-2014-0707

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-68200 // JVNDB: JVNDB-2014-001585 // NVD: CVE-2014-0707

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-138

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201403-138

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001585

PATCH

title:	30830	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=30830	Trust: 0.8
title:	cisco-sa-20140305-wlc	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc	Trust: 0.8
title:	33103	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33103	Trust: 0.8
title:	cisco-sa-20140305-wlc	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122122_cisco-sa-20140305-wlc-j.html	Trust: 0.8
title:	Patch for Cisco Wireless LAN Controller Remote Denial of Service Vulnerability (CNVD-2014-01541)	url:	https://www.cnvd.org.cn/patchInfo/show/44125	Trust: 0.6

sources: CNVD: CNVD-2014-01541 // JVNDB: JVNDB-2014-001585

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0707	Trust: 3.4
db:	BID	id:	65986	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-001585	Trust: 0.8
db:	CNNVD	id:	CNNVD-201403-138	Trust: 0.7
db:	CNVD	id:	CNVD-2014-01541	Trust: 0.6
db:	SECUNIA	id:	57128	Trust: 0.6
db:	CISCO	id:	20140305 MULTIPLE VULNERABILITIES IN CISCO WIRELESS LAN CONTROLLERS	Trust: 0.6
db:	SEEBUG	id:	SSVID-61687	Trust: 0.1
db:	VULHUB	id:	VHN-68200	Trust: 0.1

sources: CNVD: CNVD-2014-01541 // VULHUB: VHN-68200 // BID: 65986 // JVNDB: JVNDB-2014-001585 // CNNVD: CNNVD-201403-138 // NVD: CVE-2014-0707

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140305-wlc	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0707	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0707	Trust: 0.8
url:	http://secunia.com/advisories/57128	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-01541 // VULHUB: VHN-68200 // BID: 65986 // JVNDB: JVNDB-2014-001585 // CNNVD: CNNVD-201403-138 // NVD: CVE-2014-0707

CREDITS

Cisco

Trust: 0.3

sources: BID: 65986

SOURCES

db:	CNVD	id:	CNVD-2014-01541
db:	VULHUB	id:	VHN-68200
db:	BID	id:	65986
db:	JVNDB	id:	JVNDB-2014-001585
db:	CNNVD	id:	CNNVD-201403-138
db:	NVD	id:	CVE-2014-0707

LAST UPDATE DATE

2024-11-23T22:02:13.612000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01541	date:	2014-03-10T00:00:00
db:	VULHUB	id:	VHN-68200	date:	2014-03-07T00:00:00
db:	BID	id:	65986	date:	2014-03-05T00:00:00
db:	JVNDB	id:	JVNDB-2014-001585	date:	2014-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201403-138	date:	2014-03-11T00:00:00
db:	NVD	id:	CVE-2014-0707	date:	2024-11-21T02:02:40.543

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-01541	date:	2014-03-10T00:00:00
db:	VULHUB	id:	VHN-68200	date:	2014-03-06T00:00:00
db:	BID	id:	65986	date:	2014-03-05T00:00:00
db:	JVNDB	id:	JVNDB-2014-001585	date:	2014-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201403-138	date:	2014-03-11T00:00:00
db:	NVD	id:	CVE-2014-0707	date:	2014-03-06T11:55:05.427