CVE-2017-12275Improper Input Validation in Cisco Wireless LAN Controller

CWE-20Improper Input Validation4 documents4 sources
Severity
7.4HIGHNVD
EPSS
0.3%
top 50.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Wireless LAN Controller
Timeline
PublishedNov 2
Latest updateMay 13

Description

A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulner

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

CVEListV5cisco/cisco_wireless_lan_controllerCisco Wireless LAN Controller

🔴Vulnerability Details

2
GHSA
GHSA-fv9c-8f5w-w2rc: A vulnerability in the implementation of 8022022-05-13
CVEList
CVE-2017-12275: A vulnerability in the implementation of 8022017-11-02

📋Vendor Advisories

1
Cisco
Cisco Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability2017-11-01
CVE-2017-12275 — Improper Input Validation in Cisco | cvebase