Sign-up

ID

VAR-201503-0175


CVE

CVE-2015-0679


TITLE

Cisco Wireless LAN Controller Device Web Service operation interruption in authentication function (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-001988

DESCRIPTION

The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980. Attackers can exploit this issue to crash and reload the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCui57980. A security vulnerability exists in the web-authentication feature of Cisco WLC devices Release 7.3(103.8) and Release 7.4(110.0)

Trust: 2.52

sources: NVD: CVE-2015-0679 // JVNDB: JVNDB-2015-001988 // CNVD: CNVD-2015-02074 // BID: 73368 // VULHUB: VHN-78625

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-02074

AFFECTED PRODUCTS

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.4\(110.0\)

Trust: 1.0

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.3\(103.8\)

Trust: 1.0

vendor:ciscomodel:wireless lan controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.3(103.8)

Trust: 0.8

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.4(110.0)

Trust: 0.8

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.3(103.8)

Trust: 0.6

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.4(110.0)

Trust: 0.6

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.3\(103.8\)

Trust: 0.6

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.4\(110.0\)

Trust: 0.6

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.4.110.0

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.3.103.8

Trust: 0.3

sources: CNVD: CNVD-2015-02074 // BID: 73368 // JVNDB: JVNDB-2015-001988 // CNNVD: CNNVD-201503-610 // NVD: CVE-2015-0679

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0679
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0679
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-02074
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201503-610
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78625
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0679
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-02074
severity: MEDIUM
baseScore: 5.7
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-78625
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-02074 // VULHUB: VHN-78625 // JVNDB: JVNDB-2015-001988 // CNNVD: CNNVD-201503-610 // NVD: CVE-2015-0679

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-78625 // JVNDB: JVNDB-2015-001988 // NVD: CVE-2015-0679

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201503-610

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201503-610

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001988

PATCH
title:38076url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38076
Trust: 0.8
title:Cisco Wireless LAN Controller WEB Verification Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/56777
Trust: 0.6
title:Cisco Wireless LAN Controller Repair measures for device input verification error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147561
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-02074 // 
            
            
            
            JVNDB: JVNDB-2015-001988 // 
            
            
            
            CNNVD: CNNVD-201503-610

EXTERNAL IDS
db:NVDid:CVE-2015-0679
Trust: 3.4
db:SECTRACKid:1031990
Trust: 1.7
db:JVNDBid:JVNDB-2015-001988
Trust: 0.8
db:CNNVDid:CNNVD-201503-610
Trust: 0.7
db:CNVDid:CNVD-2015-02074
Trust: 0.6
db:BIDid:73368
Trust: 0.4
db:VULHUBid:VHN-78625
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-02074 // 
            
            
            
            VULHUB: VHN-78625 // 
            
            
            
            BID: 73368 // 
            
            
            
            JVNDB: JVNDB-2015-001988 // 
            
            
            
            CNNVD: CNNVD-201503-610 // 
            
            
            
            NVD: CVE-2015-0679

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38076
Trust: 2.6
url:http://www.securitytracker.com/id/1031990
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0679
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0679
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps6302/products_sub_category_home.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-02074 // 
            
            
            
            VULHUB: VHN-78625 // 
            
            
            
            BID: 73368 // 
            
            
            
            JVNDB: JVNDB-2015-001988 // 
            
            
            
            CNNVD: CNNVD-201503-610 // 
            
            
            
            NVD: CVE-2015-0679

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 73368

SOURCES
db:CNVDid:CNVD-2015-02074
db:VULHUBid:VHN-78625
db:BIDid:73368
db:JVNDBid:JVNDB-2015-001988
db:CNNVDid:CNNVD-201503-610
db:NVDid:CVE-2015-0679

LAST UPDATE DATE
2024-11-23T22:56:29.670000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-02074date:2015-03-31T00:00:00
db:VULHUBid:VHN-78625date:2015-10-01T00:00:00
db:BIDid:73368date:2015-03-26T00:00:00
db:JVNDBid:JVNDB-2015-001988date:2015-03-31T00:00:00
db:CNNVDid:CNNVD-201503-610date:2021-04-16T00:00:00
db:NVDid:CVE-2015-0679date:2024-11-21T02:23:31.480

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-02074date:2015-03-31T00:00:00
db:VULHUBid:VHN-78625date:2015-03-28T00:00:00
db:BIDid:73368date:2015-03-26T00:00:00
db:JVNDBid:JVNDB-2015-001988date:2015-03-31T00:00:00
db:CNNVDid:CNNVD-201503-610date:2015-03-30T00:00:00
db:NVDid:CVE-2015-0679date:2015-03-28T01:59:53.083