Details of VAR-201704-0486

ID

VAR-201704-0486

CVE

CVE-2016-9194

TITLE

Cisco Wireless LAN Controller Software management resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008277

DESCRIPTION

A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353. Vendors have confirmed this vulnerability Bug ID CSCva86353 It is released as.Service operation interruption (DoS) An attack may be carried out. Attackers can exploit this issue to reload the affected device, denying service to legitimate users. This product provides functions such as security policy and intrusion detection in wireless LAN

Trust: 2.52

sources: NVD: CVE-2016-9194 // JVNDB: JVNDB-2016-008277 // CNVD: CNVD-2017-04995 // BID: 97424 // VULHUB: VHN-98014

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-04995

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.0.0.30220.385	Trust: 1.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.1_base	Trust: 1.6
vendor:	cisco	model:	wireless lan controller 7.0	scope:	eq	version:	98.218	Trust: 1.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.4.100.60	Trust: 1.6
vendor:	cisco	model:	wireless lan controller 7.4	scope:	eq	version:	1.54	Trust: 1.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.5_base	Trust: 1.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.4.110.0	Trust: 1.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.6.100.0	Trust: 1.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.0.121.0	Trust: 1.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.0_base	Trust: 1.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.4_base	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 7.1	scope:	eq	version:	91.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.3.112	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 6.0	scope:	eq	version:	196.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 7.2	scope:	eq	version:	103.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 6.0	scope:	eq	version:	202.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.6.110.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.4.1.1	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.6.120.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 7.4	scope:	eq	version:	1.19	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.0.100	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.6.130.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.6.1.62	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 7.0	scope:	eq	version:	250.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.3.103.8	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.3.101.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.3_base	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 7.0	scope:	eq	version:	220.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.4.121.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	5.2.169.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 6.0	scope:	eq	version:	199.4	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	6.0_base	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.1.111.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.1.122.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.4.100	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 6.0	scope:	eq	version:	182.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 7.0	scope:	eq	version:	98.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.0.72.140	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	5.2.157.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.0.120.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 7.0	scope:	eq	version:	240.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.1.104.37	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 6.0	scope:	eq	version:	188.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 7.0	scope:	eq	version:	116.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 7.0	scope:	eq	version:	252.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller 7.4	scope:	eq	version:	140.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.1.130.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.5.102.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.0.115.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.2_base	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.5.102.11	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wireless lan controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	6.0.1994	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	6.0.182.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	5.2.1690	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	5.1.1600	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	5.1.1520	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	5.0.1482	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.2.1820	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.2.1740	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.2.1170	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.2.990	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.2.610	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.1.1850	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.1.1810	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.0.2190	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.0.2170	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.0.2060	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.0.196	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.0.1798	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.0.17911	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.0.108	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.3.111.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.3.102.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.3	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.2.130.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.0.132.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.6	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.5	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.4.1.54	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.4	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.3.101.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.3	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.2.110.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.2.103.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.1.91.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.0.98.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.0.235.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.0.220.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	6.0.199.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	6.0.196.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	6.0.188.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	6.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	5.2.157.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	5.2	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	5.1.151.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	5.1	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	5.0.148.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.2.176.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.2.173.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.2.130.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.2.112.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.1.171.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.0.155.5	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.0.155.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	3.2.116.21	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	ne	version:	8.3.112.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	ne	version:	8.2.141.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	ne	version:	8.0.140.0	Trust: 0.3

sources: CNVD: CNVD-2017-04995 // BID: 97424 // JVNDB: JVNDB-2016-008277 // CNNVD: CNNVD-201704-281 // NVD: CVE-2016-9194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-9194
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-9194
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-04995
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-281
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-98014
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-9194
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-04995
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-98014
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-9194
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-04995 // VULHUB: VHN-98014 // JVNDB: JVNDB-2016-008277 // CNNVD: CNNVD-201704-281 // NVD: CVE-2016-9194

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-98014 // JVNDB: JVNDB-2016-008277 // NVD: CVE-2016-9194

THREAT TYPE

network

Trust: 0.3

sources: BID: 97424

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201704-281

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008277

PATCH

title:	cisco-sa-20170405-wlc	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc	Trust: 0.8
title:	Patch for Cisco WirelessLANController Denial of Service Vulnerability (CNVD-2017-04995)	url:	https://www.cnvd.org.cn/patchInfo/show/92334	Trust: 0.6
title:	Cisco Wireless LAN Controller Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73804	Trust: 0.6

sources: CNVD: CNVD-2017-04995 // JVNDB: JVNDB-2016-008277 // CNNVD: CNNVD-201704-281

EXTERNAL IDS

db:	NVD	id:	CVE-2016-9194	Trust: 3.4
db:	BID	id:	97424	Trust: 2.0
db:	SECTRACK	id:	1038182	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-008277	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-281	Trust: 0.7
db:	CNVD	id:	CNVD-2017-04995	Trust: 0.6
db:	NSFOCUS	id:	36313	Trust: 0.6
db:	VULHUB	id:	VHN-98014	Trust: 0.1

sources: CNVD: CNVD-2017-04995 // VULHUB: VHN-98014 // BID: 97424 // JVNDB: JVNDB-2016-008277 // CNNVD: CNNVD-201704-281 // NVD: CVE-2016-9194

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-wlc	Trust: 2.6
url:	http://www.securityfocus.com/bid/97424	Trust: 1.1
url:	http://www.securitytracker.com/id/1038182	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9194	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9194	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/36313	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps6302/products_sub_category_home.html	Trust: 0.3

sources: CNVD: CNVD-2017-04995 // VULHUB: VHN-98014 // BID: 97424 // JVNDB: JVNDB-2016-008277 // CNNVD: CNNVD-201704-281 // NVD: CVE-2016-9194

CREDITS

Cisco

Trust: 0.3

sources: BID: 97424

SOURCES

db:	CNVD	id:	CNVD-2017-04995
db:	VULHUB	id:	VHN-98014
db:	BID	id:	97424
db:	JVNDB	id:	JVNDB-2016-008277
db:	CNNVD	id:	CNNVD-201704-281
db:	NVD	id:	CVE-2016-9194

LAST UPDATE DATE

2024-11-23T22:45:45.087000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-04995	date:	2017-04-21T00:00:00
db:	VULHUB	id:	VHN-98014	date:	2017-07-12T00:00:00
db:	BID	id:	97424	date:	2017-04-11T00:03:00
db:	JVNDB	id:	JVNDB-2016-008277	date:	2017-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201704-281	date:	2017-08-31T00:00:00
db:	NVD	id:	CVE-2016-9194	date:	2024-11-21T03:00:46.667

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-04995	date:	2017-04-21T00:00:00
db:	VULHUB	id:	VHN-98014	date:	2017-04-06T00:00:00
db:	BID	id:	97424	date:	2017-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2016-008277	date:	2017-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201704-281	date:	2017-04-06T00:00:00
db:	NVD	id:	CVE-2016-9194	date:	2017-04-06T18:59:00.230