CVE-2017-12280: Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Wireless LAN Controller

Severity
7.5 HIGH (NVD)
EPSS
0.6% (top 29.36%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 2
Latest update: May 13

Description

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of fields in CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending crafted CA

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

CVEListV5 | cisco/cisco_wireless_lan_controller | Cisco Wireless LAN Controller

🔴 Vulnerability Details (2)

GHSA (2022-05-13)
GHSA-vxpc-2h97-6px9: A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Contr
CVEList (2017-11-02)
CVE-2017-12280: A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Contr

💥 Exploits & PoCs (2)

Exploit-DB (2017-08-18)
ZKTime Web Software 2.0 - Improper Access Restrictions
Exploit-DB (2017-08-18)
ZKTime Web Software 2.0 - Cross-Site Request Forgery

📋 Vendor Advisories (1)

Cisco (2017-11-01)
Cisco Wireless LAN Controller CAPWAP Discovery Request Denial of Service Vulnerability
CVE-2017-12280 — Cisco vulnerability | cvebase