This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security update.
The remote Cisco Wireless LAN Controller (WLC) is affected by one or
more of the following vulnerabilities :
- Errors exist related to the handling of specially
crafted ethernet 802.11 frames that could allow denial
of service attacks. (CSCue87929, CSCuf80681)
- An error exists related to the handling of WebAuth
logins that could allow denial of service attacks.
- An error exists related to the unintended enabling of
the HTTP administrative interface on Aironet access
points due to flaws in the IOS code pushed to them by
the controller. (CSCuf66202)
- A memory over-read error exists related to IGMP
handling that could allow denial of service attacks.
- An error exists related to the multicast listener
discovery (MLD) service and malformed MLD version 2
message handling that could allow denial of service
See also :
Apply the relevant mitigation steps or apply the patch referenced in
Cisco Security Advisory cisco-sa-20140305-wlc.
Note that Cisco 2000 Series WLC, Cisco 4100 Series WLC, Cisco
NM-AIR-WLC, and Cisco 500 Series Wireless Express Mobility Controllers
have reached end-of-software maintenance. Contact the vendor for
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true