====================================================================

                              CERT-Renater

                 Note d'Information No. 2017/VULN103
_____________________________________________________________________

DATE                : 06/04/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco Wireless LAN Controller (WLC) Software.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3
____________________________________________________________________

Cisco Security Advisory: Cisco Wireless LAN Controller 802.11 WME
Denial of Service Vulnerability

Advisory ID: cisco-sa-20170405-wlc

Revision: 1.0

For Public Release: 2017 April 5 16:00 GMT

Last Updated: 2017 April 5 16:00 GMT

CVE ID(s): CVE-2016-9194

CVSS Score v(3): 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action
frame processing in Cisco Wireless LAN Controller (WLC) Software could
allow an unauthenticated, adjacent attacker to cause a denial of
service (DoS) condition.

The vulnerability is due to incomplete input validation of the 802.11
WME packet header. An attacker could exploit this vulnerability by
sending malformed 802.11 WME frames to a targeted device. A successful
exploit could allow the attacker to cause the WLC to reload
unexpectedly.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc"]

____________________________________________________________________


Cisco Security Advisory: Cisco Wireless LAN Controller IPv6 UDP Denial
of Service Vulnerability

Advisory ID: cisco-sa-20170405-wlc2

Revision: 1.0

For Public Release: 2017 April 5 16:00 GMT

Last Updated: 2017 April 5 16:00 GMT

CVE ID(s): CVE-2016-9219

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability with IPv6 UDP ingress packet processing in Cisco
Wireless LAN Controller (WLC) Software could allow an unauthenticated,
remote attacker to cause an unexpected reload of the device.

The vulnerability is due to incomplete IPv6 UDP header validation. An
attacker could exploit this vulnerability by sending a crafted IPv6 UDP
packet to a specific port on the targeted device. An exploit could
allow the attacker to impact the availability of the device as it could
unexpectedly reload.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2"]

____________________________________________________________________

Cisco Security Advisory: Cisco Wireless LAN Controller Management GUI
Denial of Service Vulnerability

Advisory ID: cisco-sa-20170405-wlc3

Revision: 1.0

For Public Release: 2017 April 5 16:00 GMT

Last Updated: 2017 April 5 16:00 GMT

CVE ID(s): CVE-2017-3832

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the web management interface of Cisco Wireless LAN
Controller (WLC) Software could allow an unauthenticated, remote
attacker to cause a denial of service (DoS) condition on an affected
device.

The vulnerability is due to a missing internal handler for the specific
request. An attacker could exploit this vulnerability by accessing a
specific hidden URL on the web management interface. A successful
exploit could allow the attacker to cause a reload of the device,
resulting in a DoS condition.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3"]


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================