Detections
Analytics
Cisco Wireless LAN Controller Multiple Vulnerabilities
medium Nessus Plugin ID 94108
Language:
Synopsis
The remote device is missing vendor-supplied security patches.Description
According to its self-reported version, the remote Cisco Wireless LAN Controller (WLC) device is affected by multiple vulnerabilities :- A denial of service vulnerability exists in the traffic streams metrics (TSM) implementation using Inter-Access Point Protocol (IAPP). An unauthenticated, adjacent attacker can exploit this to cause a device restart by sending specially crafted IAPP packets which are subsequently followed by an SNMP request for TSM information. (CVE-2016-6375)
- A denial of service vulnerability exists in the Cisco Adaptive Wireless Intrusion Prevention System (wIPS) implementation due to improper validation of wIPS packets. An unauthenticated, adjacent attacker can exploit this, via specially crafted wIPS packets, to cause the device to restart. (CVE-2016-6376)
Solution
Apply the relevant patches referenced in Cisco bug ID CSCuz40221 and CSCuz40263.See Also
Plugin Details
Severity: Medium
ID: 94108
File Name: cisco-sa-20160831-wlc.nasl
Version: 1.9
Type: combined
Family: CISCO
Published: 10/18/2016
Updated: 8/20/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 4.5
Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:cisco:wireless_lan_controller_software, cpe:/h:cisco:wireless_lan_controller
Required KB Items: Host/Cisco/WLC/Version, Host/Cisco/WLC/Port
Exploit Ease: No known exploits are available
Patch Publication Date: 8/31/2016
Vulnerability Publication Date: 8/31/2016
Reference Information
CVE: CVE-2016-6375, CVE-2016-6376
CISCO-SA: cisco-sa-20160831-wlc-1, cisco-sa-20160831-wlc-2
CISCO-BUG-ID: CSCuz40221, CSCuz40263