CVE-2014-0704 — Improper Input Validation in Cisco Wireless LAN Controller Software

CWE-399 CWE-20 — Improper Input Validation CWE-362 — Race Condition4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.4%

top 39.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wireless LAN Controller Software

Timeline

PublishedMar 6

Latest updateMay 17

Description

The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device restart) via a crafted field in an IGMPv3 message, aka Bug ID CSCuh33240.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/wireless_lan_controller_software53 versions+52

🔴Vulnerability Details

GHSA

GHSA-95g4-f79v-jpc6: The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4↗2022-05-17

▶

CVEList

CVE-2014-0704: The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4↗2014-03-06

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Wireless LAN Controllers↗2014-03-06

▶