PT-2014-1314 · Cisco · Cisco Wireless Lan Controller+3

Publicado

2014-03-05

Atualizado

2014-03-07

CVE-2014-0703

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Wireless LAN Controller (WLC) devices versions 7.4 before 7.4.110.0

Description The issue is related to a race condition in the status of the administrative HTTP server in Aironet IOS software distributed by Cisco Wireless LAN Controller (WLC) devices. This allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which the administrative HTTP server had been disabled ineffectively.

Recommendations For versions 7.4 before 7.4.110.0, update to version 7.4.110.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative HTTP server on Aironet access points to minimize the risk of exploitation.

Correção

DoS

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

BDU:2015-00138

BDU:2015-00139

BDU:2015-00140

BDU:2015-00141

BDU:2015-00142

BDU:2015-00143

CVE-2014-0703

Produtos afetados

Aironet Ios

Aironet Access Point

Cisco Wireless Lan Controller

Cisco Wls

PT-2014-1314 · Cisco · Cisco Wireless Lan Controller+3

CVE-2014-0703

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11