CVE-2014-0703Race Condition in Cisco Wireless LAN Controller Software

CWE-362Race ConditionCWE-20Improper Input ValidationCWE-3994 documents4 sources
Severity
10.0CRITICALNVD
EPSS
0.9%
top 23.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Wireless LAN Controller Software
Timeline
PublishedMar 6
Latest updateMay 17

Description

Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDcisco/wireless_lan_controller_software7.4.100.0, 7.4.100.60+1

🔴Vulnerability Details

2
GHSA
GHSA-h9c9-7pc5-rxr8: Cisco Wireless LAN Controller (WLC) devices 72022-05-17
CVEList
CVE-2014-0703: Cisco Wireless LAN Controller (WLC) devices 72014-03-06

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco Wireless LAN Controllers2014-03-06
CVE-2014-0703 — Race Condition in Cisco | cvebase