This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security update.
The remote Cisco Wireless LAN Controller (WLC) is affected by one or
more of the following vulnerabilities :
- Errors exist related to the handling of specially
crafted ethernet 802.11 frames that could allow denial
of service attacks. (CSCue87929, CSCuf80681)
- An error exists related to the handling of WebAuth
logins that could allow denial of service attacks.
- An error exists related to the unintended enabling of
the HTTP administrative interface on Aironet access
points due to flaws in the IOS code pushed to them by
the controller. (CSCuf66202)
- A memory over-read error exists related to IGMP
handling that could allow denial of service attacks.
- An error exists related to the multicast listener
discovery (MLD) service and malformed MLD version 2
message handling that could allow denial of service
See also :
Apply the relevant mitigation steps or apply the patch referenced in
Cisco Security Advisory cisco-sa-20140305-wlc.
Note that Cisco 2000 Series WLC, Cisco 4100 Series WLC, Cisco
NM-AIR-WLC, and Cisco 500 Series Wireless Express Mobility Controllers
have reached end-of-software maintenance. Contact the vendor for
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true
Nessus Plugin ID: 73018 ()
Bugtraq ID: 659776598065982659836598565986
CVE ID: CVE-2014-0701CVE-2014-0703CVE-2014-0704CVE-2014-0705CVE-2014-0706CVE-2014-0707
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.