ID

VAR-201704-0487


CVE

CVE-2016-9195


TITLE

Cisco Wireless LAN Controller Software RADIUS Change of Authorization Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008288

DESCRIPTION

A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49), 8.3(111.0), 8.3(108.0), 8.3(104.24), 8.3(102.3). The vendor has confirmed this vulnerability and released it as Bug ID CSCvb01835. A service operation interruption (DoS) attack may be carried out. The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. A denial of service vulnerability exists in Cisco Wireless LAN Controller. An attacker could exploit this vulnerability to cause a denial of service. This issue is being tracked by Cisco Bug ID CSCvb01835. The vulnerability is caused by the program not performing sufficient input validation on the RADIUS CoA packet header.

Trust: 2.52

sources: NVD: CVE-2016-9195 // JVNDB: JVNDB-2016-008288 // CNVD: CNVD-2017-04871 // BID: 97425 // VULHUB: VHN-98015

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04871

AFFECTED PRODUCTS

vendor: cisco
model: wireless lan controller software
scope: eq
version: 8.3.102.0

Trust: 1.7

vendor: cisco
model: wireless lan controller
scope: eq
version: 8.3.102.0

Trust: 1.6

sources: CNVD: CNVD-2017-04871 // BID: 97425 // JVNDB: JVNDB-2016-008288 // CNNVD: CNNVD-201704-443 // NVD: CVE-2016-9195

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9195
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-9195
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-04871
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-443
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98015
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-9195
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04871
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98015
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9195
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04871 // VULHUB: VHN-98015 // JVNDB: JVNDB-2016-008288 // CNNVD: CNNVD-201704-443 // NVD: CVE-2016-9195

PROBLEMTYPE DATA

problemtype: CWE-399

Trust: 1.9

sources: VULHUB: VHN-98015 // JVNDB: JVNDB-2016-008288 // NVD: CVE-2016-9195

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-443

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201704-443

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008288

PATCH

title: cisco-sa-20170405-wlc1
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1

Trust: 0.8

title: Patch for CiscoWirelessLANController Denial of Service Vulnerability (CNVD-2017-04871)
url: https://www.cnvd.org.cn/patchInfo/show/92085

Trust: 0.6

title: Cisco Wireless LAN Controller Enter the fix for the verification vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69163

Trust: 0.6

sources: CNVD: CNVD-2017-04871 // JVNDB: JVNDB-2016-008288 // CNNVD: CNNVD-201704-443

EXTERNAL IDS

db: NVD, id: CVE-2016-9195

Trust: 3.4

db: BID, id: 97425

Trust: 2.0

db: SECTRACK, id: 1038188

Trust: 1.1

db: JVNDB, id: JVNDB-2016-008288

Trust: 0.8

db: CNNVD, id: CNNVD-201704-443

Trust: 0.7

db: CNVD, id: CNVD-2017-04871

Trust: 0.6

db: NSFOCUS, id: 36312

Trust: 0.6

db: VULHUB, id: VHN-98015

Trust: 0.1

sources: CNVD: CNVD-2017-04871 // VULHUB: VHN-98015 // BID: 97425 // JVNDB: JVNDB-2016-008288 // CNNVD: CNNVD-201704-443 // NVD: CVE-2016-9195

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-wlc1

Trust: 2.0

url: http://www.securityfocus.com/bid/97425

Trust: 1.7

url: http://www.securitytracker.com/id/1038188

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9195

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-9195

Trust: 0.8

url: http://www.nsfocus.net/vulndb/36312

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

url: http://www.cisco.com/en/us/products/ps6302/products_sub_category_home.html

Trust: 0.3

sources: CNVD: CNVD-2017-04871 // VULHUB: VHN-98015 // BID: 97425 // JVNDB: JVNDB-2016-008288 // CNNVD: CNNVD-201704-443 // NVD: CVE-2016-9195

CREDITS

Cisco

Trust: 0.3

sources: BID: 97425

SOURCES

db: CNVD, id: CNVD-2017-04871
db: VULHUB, id: VHN-98015
db: BID, id: 97425
db: JVNDB, id: JVNDB-2016-008288
db: CNNVD, id: CNNVD-201704-443
db: NVD, id: CVE-2016-9195

LAST UPDATE DATE

2024-11-23T23:02:29.810000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-04871, date: 2017-04-21T00:00:00
db: VULHUB, id: VHN-98015, date: 2017-07-12T00:00:00
db: BID, id: 97425, date: 2017-04-11T00:03:00
db: JVNDB, id: JVNDB-2016-008288, date: 2017-05-12T00:00:00
db: CNNVD, id: CNNVD-201704-443, date: 2017-04-11T00:00:00
db: NVD, id: CVE-2016-9195, date: 2024-11-21T03:00:46.787

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-04871, date: 2017-04-20T00:00:00
db: VULHUB, id: VHN-98015, date: 2017-04-07T00:00:00
db: BID, id: 97425, date: 2017-04-05T00:00:00
db: JVNDB, id: JVNDB-2016-008288, date: 2017-05-12T00:00:00
db: CNNVD, id: CNNVD-201704-443, date: 2017-04-11T00:00:00
db: NVD, id: CVE-2016-9195, date: 2017-04-07T17:59:00.183