====================================================================
                           CERT-Renater
               Information Note No. 2017/VULN323
_____________________________________________________________________

DATE                 : 02/11/2017

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Cisco Wireless LAN Controller Software versions
                       prior to 8.0.152.0, 8.2.164.0, 8.3.132.0,
                       8.4.100.0, 8.5.110.0.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1
____________________________________________________________________

Cisco Security Advisory: Cisco Wireless LAN Controller 802.11v Basic
Service Set Transition Management Denial of Service Vulnerability

Advisory ID: cisco-sa-20171101-wlc2

Revision: 1.0

For Public Release: 2017 November 1 16:00 GMT

Last Updated: 2017 November 1 16:00 GMT

CVE ID(s): CVE-2017-12275

CVSS Score v(3): 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the implementation of 802.11v Basic Service Set
(BSS) Transition Management functionality in Cisco Wireless LAN
Controllers could allow an unauthenticated, adjacent attacker to cause
an affected device to reload unexpectedly, resulting in a denial of
service (DoS) condition.

The vulnerability is due to insufficient input validation of 802.11v
BSS Transition Management Response packets that an affected device
receives from wireless clients. An attacker could exploit this
vulnerability by sending a malformed 802.11v BSS Transition Management
Response packet to an affected device. A successful exploit could allow
the attacker to cause the affected device to reload unexpectedly,
resulting in a DoS condition.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2

____________________________________________________________________

Cisco Security Advisory: Cisco Wireless LAN Controller Simple Network
Management Protocol Memory Leak Denial of Service Vulnerability

Advisory ID: cisco-sa-20171101-wlc1

Revision: 1.0

For Public Release: 2017 November 1 16:00 GMT

Last Updated: 2017 November 1 16:00 GMT

CVE ID(s): CVE-2017-12278

CVSS Score v(3): 7.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Simple Network Management Protocol (SNMP)
subsystem of Cisco Wireless LAN Controllers could allow an
authenticated, remote attacker to cause an affected device to restart,
resulting in a denial of service (DoS) condition.

The vulnerability is due to a memory leak that occurs on an affected
device after the device fails to deallocate a buffer that is used when
certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP
Read string or has valid SNMP Version 3 credentials for an affected
device could repeatedly poll the affected MIB object IDs (OIDs) and
consume available memory on the device. When memory is sufficiently
depleted on the device, the device will restart, resulting in a DoS
condition.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1

==========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44            +
+ 23 - 25 Rue Daviel  | fax  : 01-53-94-20-41            +
+ 75013 Paris         | email: cert@support.renater.fr   +
==========================================================
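
Added example (not part of the CERT-Renater or Cisco text): a triage check that compares controller software versions against the releases listed in the bulletin header. It assumes the list is read per release train, that a train with no listed release is compared against the next later train, and that trains newer than 8.5 are not flagged; the controller names and versions in the inventory are constructed.

```python
# Releases copied from the OPERATING SYSTEM(S) field of the bulletin.
FIXED_RELEASES = ["8.0.152.0", "8.2.164.0", "8.3.132.0", "8.4.100.0", "8.5.110.0"]

def parse_version(text):
    """Turn 'A.B.C.D' into a tuple of four ints; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part WLC version: {text!r}")
    return tuple(int(p) for p in parts)

def first_fixed_release(version):
    """Lowest listed release in the same or a later train, or None."""
    train = parse_version(version)[:2]
    for fixed in sorted(parse_version(f) for f in FIXED_RELEASES):
        if fixed[:2] >= train:
            return ".".join(str(n) for n in fixed)
    return None  # assumption: trains newer than the list are not covered

def is_affected(version):
    """True when the version is prior to the release chosen above."""
    target = first_fixed_release(version)
    return target is not None and parse_version(version) < parse_version(target)

def triage(inventory):
    """Map each controller to its upgrade target, or None if not flagged."""
    return {
        name: first_fixed_release(ver) if is_affected(ver) else None
        for name, ver in inventory.items()
    }

# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "wlc-campus-a": "8.3.130.0",   # same train as 8.3.132.0, older build
    "wlc-campus-b": "8.3.132.0",   # at the listed release
    "wlc-lab": "8.1.131.0",        # train without a listed release
    "wlc-dc": "8.5.110.0",
}

if __name__ == "__main__":
    for name, target in triage(SAMPLE_INVENTORY).items():
        status = f"upgrade to {target} or later" if target else "not flagged"
        print(f"{name}: {status}")
```

A controller reported as not flagged still needs checking against the two linked Cisco advisories, since each advisory carries its own fixed-release table.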