PT-2014-1314 · Cisco · Cisco Wireless Lan Controller+3

Published: 2014-03-05 · Updated: 2014-03-07 · CVE-2014-0703

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Wireless LAN Controller (WLC) devices, versions 7.4 before 7.4.110.0

Description

The issue is related to a race condition in the status of the administrative HTTP server in Aironet IOS software distributed by Cisco Wireless LAN Controller (WLC) devices. This allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which the administrative HTTP server had been disabled ineffectively.

Recommendations

For versions 7.4 before 7.4.110.0, update to version 7.4.110.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative HTTP server on Aironet access points to minimize the risk of exploitation.

Fix

DoS

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2015-00138
BDU:2015-00139
BDU:2015-00140
BDU:2015-00141
BDU:2015-00142
BDU:2015-00143
CVE-2014-0703

Affected Products

Aironet Ios
Aironet Access Point
Cisco Wireless Lan Controller
Cisco Wls