Cisco Wireless LAN Controller Multiple Vulnerabilities

critical Nessus Plugin ID 90893

Synopsis

The remote device is missing vendor-supplied security patches.

Description

According to its self-reported version, the remote Cisco Wireless LAN Controller (WLC) device is affected by multiple vulnerabilities :

- A denial of service vulnerability exists within the web-based device management interface of AireOS due to the presence of unsupported URLs that are not generally accessible from and supported by the management interface. An unauthenticated, remote attacker can exploit this, via a crafted HTTP request to one of these URLs, to cause the device to reload. (CVE-2016-1362)

- A buffer overflow condition exists in the redirection functionality due to a failure to properly validate user-supplied input when handling HTTP requests. An unauthenticated, remote attacker can exploit this, via a crafted request, to execute arbitrary code.
(CVE-2016-1363)

- A denial of service vulnerability exists due to improper handling of crafted Bonjour traffic, which allows an unauthenticated, remote attacker to cause the device to reload. (CVE-2016-1364)

Solution

Apply the relevant patches referenced in Cisco Bug ID CSCun86747, CSCur66908, and CSCus25617.

See Also

http://www.nessus.org/u?48a85f12

http://www.nessus.org/u?b44f6138

http://www.nessus.org/u?485267ab

https://seclists.org/bugtraq/2016/Apr/114

Plugin Details

Severity: Critical

ID: 90893

File Name: cisco-sa-20160420-htrd-bdos-wlc.nasl

Version: 1.10

Type: combined

Family: CISCO

Published: 5/4/2016

Updated: 8/20/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-1363

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:wireless_lan_controller_software, cpe:/h:cisco:wireless_lan_controller

Required KB Items: Host/Cisco/WLC/Version, Host/Cisco/WLC/Port

Exploit Ease: No known exploits are available

Patch Publication Date: 4/20/2016

Vulnerability Publication Date: 4/20/2016

Reference Information

CVE: CVE-2016-1362, CVE-2016-1363, CVE-2016-1364

BID: 86761, 86770, 86772