Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability

medium Nessus Plugin ID 131230

Synopsis

The remote device is missing a vendor-supplied security patch

Description

A denial of service (DoS) vulnerability exists in Cisco Wireless Lan Controller due to a HTTP Parsing Engine Vulnerability.
An unauthenticated, remote attacker can exploit this issue, via a HTTP request, to cause the device to stop responding.
Please see the included Cisco Bug IDs and Cisco Security Advisory for more information

Solution

Upgrade to the relevant fixed version for your machine as referenced in Cisco bug ID CSCvp92098

See Also

http://www.nessus.org/u?8f68b41a

http://www.nessus.org/u?eafb222d

Plugin Details

Severity: Medium

ID: 131230

File Name: cisco-sa-20191106-wlc-dos.nasl

Version: 1.16

Type: combined

Family: CISCO

Published: 11/22/2019

Updated: 5/14/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2019-15276

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:wireless_lan_controller_software, cpe:/h:cisco:wireless_lan_controller

Required KB Items: Host/Cisco/WLC/Version, Host/Cisco/WLC/Port

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/6/2019

Vulnerability Publication Date: 11/6/2019

Reference Information

CVE: CVE-2019-15276

CWE: 20

CISCO-SA: cisco-sa-20191106-wlc-dos

IAVA: 2019-A-0424-S

CISCO-BUG-ID: CSCvp92098