CVE-2014-3291

Name of the Vulnerable Software and Affected Versions Cisco Wireless LAN Controller (WLC) devices (affected versions not specified)

Description A denial of service condition can be caused by an unauthenticated, adjacent attacker due to a failure to properly check for certain NULL values present in a Cisco Discovery Protocol packet. The attacker could exploit this by submitting crafted Cisco Discovery Protocol requests to an affected device and convincing a user to perform a Simple Network Management Protocol (SNMP) poll of the affected MIB, triggering a NULL pointer error that results in a restart of the device. The attacker must be on the same collision or broadcast domain as the targeted device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.