CVE-2017-12278Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Wireless LAN Controller

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-772Missing Release of Resource after Effective Lifetime4 documents4 sources
Severity
6.3MEDIUMNVD
EPSS
0.8%
top 25.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Wireless LAN Controller
Timeline
PublishedNov 2
Latest updateMay 13

Description

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 cred

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 1.8 | Impact: 4.0

Affected Packages1 packages

CVEListV5cisco/cisco_wireless_lan_controllerCisco Wireless LAN Controller

🔴Vulnerability Details

2
GHSA
GHSA-h92p-pf33-v4vm: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote atta2022-05-13
CVEList
CVE-2017-12278: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote atta2017-11-02

📋Vendor Advisories

1
Cisco
Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability2017-11-01
CVE-2017-12278 — Cisco vulnerability | cvebase