PT-2014-1325 · Cisco · Cisco Wireless Lan Controller
Published: 2014-03-05 · Updated: 2014-03-07
CVE-2014-0704
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Cisco Wireless LAN Controller versions 4.x through 7.3, except version 7.0.250.0 and later
Description
The issue is related to the implementation of IGMP for Cisco Wireless LAN Controller devices when IGMPv3 Snooping is enabled. It allows remote attackers to cause a denial of service, including memory over-read and device restart, by using a specially crafted field in an IGMPv3 message.
Recommendations
For versions 4.x through 7.0 (before 7.0.250.0), 7.1, 7.2, and 7.3, update to version 7.0.250.0 or later to resolve the issue.
As a temporary workaround, consider disabling IGMPv3 Snooping until a patch is available.
Restrict access to the device to minimize the risk of exploitation.
Fix
DoS
Affected Products
Cisco Wireless Lan Controller
Cisco Wls