Sign-up

ID

VAR-201607-0436


CVE

CVE-2016-1460


TITLE

Cisco Wireless LAN Controller Service disruption on devices (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-004099

DESCRIPTION

Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979. The product provides security policy, intrusion detection and other functions in the wireless LAN. There are security vulnerabilities in the Cisco WLC Appliance 7.4 (121.0) and 8.0 (0.30220.385) releases. Attackers can exploit this issue to crash and reload the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCun92979

Trust: 2.52

sources: NVD: CVE-2016-1460 // JVNDB: JVNDB-2016-004099 // CNVD: CNVD-2016-05658 // BID: 92158 // VULHUB: VHN-90279

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-05658

AFFECTED PRODUCTS

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:8.0.0.30220.385

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.4.121.0

Trust: 1.6

vendor:ciscomodel:wireless lan controllerscope:eqversion:8.0(0.30220.385)

Trust: 0.9

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.4(121.0)

Trust: 0.8

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:8.0(0.30220.385)

Trust: 0.8

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.4(121.0)

Trust: 0.6

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.4.121.0

Trust: 0.3

sources: CNVD: CNVD-2016-05658 // BID: 92158 // JVNDB: JVNDB-2016-004099 // CNNVD: CNNVD-201607-995 // NVD: CVE-2016-1460

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1460
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1460
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-05658
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201607-995
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90279
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1460
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-05658
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90279
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1460
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-05658 // VULHUB: VHN-90279 // JVNDB: JVNDB-2016-004099 // CNNVD: CNNVD-201607-995 // NVD: CVE-2016-1460

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-90279 // JVNDB: JVNDB-2016-004099 // NVD: CVE-2016-1460

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201607-995

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201607-995

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004099

PATCH
title:cisco-sa-20160727-wlcurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-wlc
Trust: 0.8
title:Cisco WirelessLANController Device Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/79883
Trust: 0.6
title:Cisco Wireless LAN Controller Repair measures for device security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63333
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-05658 // 
            
            
            
            JVNDB: JVNDB-2016-004099 // 
            
            
            
            CNNVD: CNNVD-201607-995

EXTERNAL IDS
db:NVDid:CVE-2016-1460
Trust: 3.4
db:BIDid:92158
Trust: 1.4
db:SECTRACKid:1036468
Trust: 1.1
db:JVNDBid:JVNDB-2016-004099
Trust: 0.8
db:CNNVDid:CNNVD-201607-995
Trust: 0.7
db:CNVDid:CNVD-2016-05658
Trust: 0.6
db:VULHUBid:VHN-90279
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-05658 // 
            
            
            
            VULHUB: VHN-90279 // 
            
            
            
            BID: 92158 // 
            
            
            
            JVNDB: JVNDB-2016-004099 // 
            
            
            
            CNNVD: CNNVD-201607-995 // 
            
            
            
            NVD: CVE-2016-1460

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160727-wlc
Trust: 2.6
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1460
Trust: 1.4
url:http://www.securityfocus.com/bid/92158
Trust: 1.1
url:http://www.securitytracker.com/id/1036468
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1460
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps6302/products_sub_category_home.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-05658 // 
            
            
            
            VULHUB: VHN-90279 // 
            
            
            
            BID: 92158 // 
            
            
            
            JVNDB: JVNDB-2016-004099 // 
            
            
            
            CNNVD: CNNVD-201607-995 // 
            
            
            
            NVD: CVE-2016-1460

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 92158

SOURCES
db:CNVDid:CNVD-2016-05658
db:VULHUBid:VHN-90279
db:BIDid:92158
db:JVNDBid:JVNDB-2016-004099
db:CNNVDid:CNNVD-201607-995
db:NVDid:CVE-2016-1460

LAST UPDATE DATE
2024-11-23T23:12:35.707000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-05658date:2016-07-29T00:00:00
db:VULHUBid:VHN-90279date:2017-09-01T00:00:00
db:BIDid:92158date:2016-07-27T00:00:00
db:JVNDBid:JVNDB-2016-004099date:2016-08-01T00:00:00
db:CNNVDid:CNNVD-201607-995date:2016-07-28T00:00:00
db:NVDid:CVE-2016-1460date:2024-11-21T02:46:29.110

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-05658date:2016-07-29T00:00:00
db:VULHUBid:VHN-90279date:2016-07-28T00:00:00
db:BIDid:92158date:2016-07-27T00:00:00
db:JVNDBid:JVNDB-2016-004099date:2016-08-01T00:00:00
db:CNNVDid:CNNVD-201607-995date:2016-07-28T00:00:00
db:NVDid:CVE-2016-1460date:2016-07-28T01:59:41.727