Cisco Wireless LAN Controller Multiple Vulnerabilities

medium Nessus Plugin ID 94108

Synopsis

The remote device is missing vendor-supplied security patches.

Description

According to its self-reported version, the remote Cisco Wireless LAN Controller (WLC) device is affected by multiple vulnerabilities:

- A denial of service vulnerability exists in the traffic streams metrics (TSM) implementation using Inter-Access Point Protocol (IAPP). An unauthenticated, adjacent attacker can exploit this to cause a device restart by sending specially crafted IAPP packets that are followed by an SNMP request for TSM information. (CVE-2016-6375)

- A denial of service vulnerability exists in the Cisco Adaptive Wireless Intrusion Prevention System (wIPS) implementation due to improper validation of wIPS packets. An unauthenticated, adjacent attacker can exploit this, via specially crafted wIPS packets, to cause the device to restart. (CVE-2016-6376)

Solution

Apply the relevant patches referenced in Cisco bug IDs CSCuz40221 and CSCuz40263.

See Also

http://www.nessus.org/u?470657bf

http://www.nessus.org/u?1a4df7fe

Plugin Details

Severity: Medium

ID: 94108

File Name: cisco-sa-20160831-wlc.nasl

Version: 1.9

Type: combined

Family: CISCO

Published: 10/18/2016

Updated: 8/20/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:wireless_lan_controller_software, cpe:/h:cisco:wireless_lan_controller

Required KB Items: Host/Cisco/WLC/Version, Host/Cisco/WLC/Port

Exploit Ease: No known exploits are available

Patch Publication Date: 8/31/2016

Vulnerability Publication Date: 8/31/2016

Reference Information

CVE: CVE-2016-6375, CVE-2016-6376

BID: 92712, 92716