ID
VAR-201406-0308
CVE
CVE-2014-3291
TITLE
Cisco Wireless LAN Controller Service disruption on devices (DoS) Vulnerabilities
Trust: 0.8
DESCRIPTION
Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321. Vendors have confirmed this vulnerability Bug ID CSCuo12321 It is released as. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. Attackers can exploit this issue to restart the affected device, denying service to legitimate users. The vulnerability stems from the fact that the program does not properly check for null values in Cisco Discovery Protocol packets
Trust: 2.61
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | wireless lan controller | scope: | - | version: | - | Trust: 2.0 |
| vendor: | cisco | model: | wireless lan controller | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | cisco | model: | wireless lan controller software | scope: | lte | version: | 7.6(.100.0) | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.1 |
| problemtype: | CWE-Other | Trust: 0.8 |
THREAT TYPE
specific network environment
Trust: 0.6
TYPE
input validation
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Cisco Wireless LAN Controller Cisco Discovery Protocol Denial of Service Vulnerability | url: | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3291 | Trust: 0.8 |
| title: | 34558 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=34558 | Trust: 0.8 |
| title: | Patch for Cisco Wireless LAN Controller Denial of Service Leak (CNVD-2014-03523) | url: | https://www.cnvd.org.cn/patchInfo/show/46233 | Trust: 0.6 |
| title: | Cisco: Cisco Wireless LAN Controller Cisco Discovery Protocol Denial of Service Vulnerability | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20140609-CVE-2014-3291 | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2014-3291 | Trust: 3.5 |
| db: | BID | id: | 67926 | Trust: 2.1 |
| db: | SECTRACK | id: | 1030410 | Trust: 1.2 |
| db: | SECUNIA | id: | 57895 | Trust: 1.2 |
| db: | JVNDB | id: | JVNDB-2014-002789 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201406-102 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2014-03523 | Trust: 0.6 |
| db: | CISCO | id: | 20140606 CISCO WIRELESS LAN CONTROLLER CISCO DISCOVERY PROTOCOL DENIAL OF SERVICE VULNERABILITY | Trust: 0.6 |
| db: | VULHUB | id: | VHN-71231 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2014-3291 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3291 | Trust: 2.4 |
| url: | http://www.securityfocus.com/bid/67926 | Trust: 1.2 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=34558 | Trust: 1.2 |
| url: | http://www.securitytracker.com/id/1030410 | Trust: 1.2 |
| url: | http://secunia.com/advisories/57895 | Trust: 1.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3291 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3291 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/20.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140609-cve-2014-3291 | Trust: 0.1 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2014-03523 |
| db: | VULHUB | id: | VHN-71231 |
| db: | VULMON | id: | CVE-2014-3291 |
| db: | BID | id: | 67926 |
| db: | JVNDB | id: | JVNDB-2014-002789 |
| db: | CNNVD | id: | CNNVD-201406-102 |
| db: | NVD | id: | CVE-2014-3291 |
LAST UPDATE DATE
2025-04-13T23:27:38.063000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-03523 | date: | 2014-06-10T00:00:00 |
| db: | VULHUB | id: | VHN-71231 | date: | 2016-09-07T00:00:00 |
| db: | VULMON | id: | CVE-2014-3291 | date: | 2016-09-07T00:00:00 |
| db: | BID | id: | 67926 | date: | 2014-06-13T04:12:00 |
| db: | JVNDB | id: | JVNDB-2014-002789 | date: | 2014-06-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-201406-102 | date: | 2014-06-09T00:00:00 |
| db: | NVD | id: | CVE-2014-3291 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-03523 | date: | 2014-06-10T00:00:00 |
| db: | VULHUB | id: | VHN-71231 | date: | 2014-06-08T00:00:00 |
| db: | VULMON | id: | CVE-2014-3291 | date: | 2014-06-08T00:00:00 |
| db: | BID | id: | 67926 | date: | 2014-06-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-002789 | date: | 2014-06-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-201406-102 | date: | 2014-06-09T00:00:00 |
| db: | NVD | id: | CVE-2014-3291 | date: | 2014-06-08T16:55:02.877 |