Sign-up

ID

VAR-201505-0170


CVE

CVE-2015-0723


TITLE

Cisco Wireless LAN Controller Device wireless web Service disruption in the authentication subsystem (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-002714

DESCRIPTION

The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269. The Cisco Wireless LAN Controller is used to manage Cisco Aironet access point applications using the Lightweight Access Point Protocol (LWAPP). Attackers can exploit this issue to crash and restart the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCum03269. This product provides functions such as security policy and intrusion detection in wireless LAN

Trust: 2.52

sources: NVD: CVE-2015-0723 // JVNDB: JVNDB-2015-002714 // CNVD: CNVD-2015-03031 // BID: 74571 // VULHUB: VHN-78669

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-03031

AFFECTED PRODUCTS

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.5.102.0

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.6.100.0

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.5.102.11

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:ltversion:7.6.x

Trust: 0.8

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.5.x

Trust: 0.8

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.6.120

Trust: 0.8

vendor:ciscomodel:wireless lan controllerscope: - version: -

Trust: 0.6

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.6.100.0

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.5.102.11

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.5.102.0

Trust: 0.3

sources: CNVD: CNVD-2015-03031 // BID: 74571 // JVNDB: JVNDB-2015-002714 // CNNVD: CNNVD-201505-086 // NVD: CVE-2015-0723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0723
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0723
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-03031
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201505-086
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78669
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0723
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-03031
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-78669
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-03031 // VULHUB: VHN-78669 // JVNDB: JVNDB-2015-002714 // CNNVD: CNNVD-201505-086 // NVD: CVE-2015-0723

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-78669 // JVNDB: JVNDB-2015-002714 // NVD: CVE-2015-0723

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201505-086

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201505-086

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002714

PATCH
title:38749url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38749
Trust: 0.8
title:Cisco Wireless LAN Controller has an unspecified denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/58370
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-03031 // 
            
            
            
            JVNDB: JVNDB-2015-002714

EXTERNAL IDS
db:NVDid:CVE-2015-0723
Trust: 3.4
db:SECTRACKid:1032277
Trust: 1.1
db:JVNDBid:JVNDB-2015-002714
Trust: 0.8
db:CNNVDid:CNNVD-201505-086
Trust: 0.7
db:CNVDid:CNVD-2015-03031
Trust: 0.6
db:SECUNIAid:64475
Trust: 0.6
db:BIDid:74571
Trust: 0.4
db:VULHUBid:VHN-78669
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-03031 // 
            
            
            
            VULHUB: VHN-78669 // 
            
            
            
            BID: 74571 // 
            
            
            
            JVNDB: JVNDB-2015-002714 // 
            
            
            
            CNNVD: CNNVD-201505-086 // 
            
            
            
            NVD: CVE-2015-0723

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38749
Trust: 2.6
url:http://www.securitytracker.com/id/1032277
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0723
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0723
Trust: 0.8
url:http://secunia.com/advisories/64475
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps6302/products_sub_category_home.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-03031 // 
            
            
            
            VULHUB: VHN-78669 // 
            
            
            
            BID: 74571 // 
            
            
            
            JVNDB: JVNDB-2015-002714 // 
            
            
            
            CNNVD: CNNVD-201505-086 // 
            
            
            
            NVD: CVE-2015-0723

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 74571

SOURCES
db:CNVDid:CNVD-2015-03031
db:VULHUBid:VHN-78669
db:BIDid:74571
db:JVNDBid:JVNDB-2015-002714
db:CNNVDid:CNNVD-201505-086
db:NVDid:CVE-2015-0723

LAST UPDATE DATE
2024-11-23T22:38:52.661000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-03031date:2015-05-14T00:00:00
db:VULHUBid:VHN-78669date:2017-01-06T00:00:00
db:BIDid:74571date:2015-05-08T00:00:00
db:JVNDBid:JVNDB-2015-002714date:2015-05-19T00:00:00
db:CNNVDid:CNNVD-201505-086date:2015-05-18T00:00:00
db:NVDid:CVE-2015-0723date:2024-11-21T02:23:36.180

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-03031date:2015-05-14T00:00:00
db:VULHUBid:VHN-78669date:2015-05-16T00:00:00
db:BIDid:74571date:2015-05-08T00:00:00
db:JVNDBid:JVNDB-2015-002714date:2015-05-19T00:00:00
db:CNNVDid:CNNVD-201505-086date:2015-05-12T00:00:00
db:NVDid:CVE-2015-0723date:2015-05-16T14:59:01.203