Details of VAR-201704-0977

ID

VAR-201704-0977

CVE

CVE-2016-9219

TITLE

Cisco Wireless LAN Controller Input validation vulnerability in other software

Trust: 0.8

sources: JVNDB: JVNDB-2016-008278

DESCRIPTION

A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. This vulnerability affects Cisco Wireless LAN Controller (WLC) running software version 8.2.121.0 or 8.3.102.0. Cisco Bug IDs: CSCva98592. Vendors have confirmed this vulnerability Bug ID CSCva98592 It is released as.Service operation interruption (DoS) An attack may be carried out. The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. Attackers can exploit this issue to cause denial-of-service conditions

Trust: 2.52

sources: NVD: CVE-2016-9219 // JVNDB: JVNDB-2016-008278 // CNVD: CNVD-2017-05587 // BID: 97423 // VULHUB: VHN-98039

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-05587

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.3.102.0	Trust: 1.8
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.2.121.0	Trust: 1.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.3	Trust: 0.9
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.2	Trust: 0.9
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.2.121.0	Trust: 0.8
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.3.102.0	Trust: 0.6
vendor:	cisco	model:	wireless lan controller software	scope:	ne	version:	8.3.112.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	ne	version:	8.3.111.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	ne	version:	8.2.141.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	ne	version:	8.2.130.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	ne	version:	8.0.140.0	Trust: 0.3

sources: CNVD: CNVD-2017-05587 // BID: 97423 // JVNDB: JVNDB-2016-008278 // NVD: CVE-2016-9219 // CNNVD: CNNVD-201704-280

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2016-9219
value:	HIGH
Trust: 1.8
CNVD:	CNVD-2017-05587
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201704-280
value:	HIGH
Trust: 0.6
VULHUB:	VHN-98039
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2016-9219
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2017-05587
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-98039
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	CVE-2016-9219
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-05587 // VULHUB: VHN-98039 // JVNDB: JVNDB-2016-008278 // NVD: CVE-2016-9219 // CNNVD: CNNVD-201704-280

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-98039 // JVNDB: JVNDB-2016-008278 // NVD: CVE-2016-9219

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-280

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 97423 // CNNVD: CNNVD-201704-280

CONFIGURATIONS

sources: NVD: CVE-2016-9219

PATCH

title:	cisco-sa-20170405-wlc2	url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-wlc2	Trust: 0.8
title:	Patch for Cisco WirelessLANController Denial of Service Vulnerability (CNVD-2017-05587)	url:	https://www.cnvd.org.cn/patchinfo/show/92875	Trust: 0.6
title:	Cisco Wireless LAN Controller Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=73803	Trust: 0.6

sources: CNVD: CNVD-2017-05587 // JVNDB: JVNDB-2016-008278 // CNNVD: CNNVD-201704-280

EXTERNAL IDS

db:	NVD	id:	CVE-2016-9219	Trust: 3.4
db:	BID	id:	97423	Trust: 2.6
db:	SECTRACK	id:	1038183	Trust: 1.7
db:	JVNDB	id:	JVNDB-2016-008278	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-280	Trust: 0.7
db:	CNVD	id:	CNVD-2017-05587	Trust: 0.6
db:	VULHUB	id:	VHN-98039	Trust: 0.1

sources: CNVD: CNVD-2017-05587 // VULHUB: VHN-98039 // BID: 97423 // JVNDB: JVNDB-2016-008278 // NVD: CVE-2016-9219 // CNNVD: CNNVD-201704-280

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-wlc2	Trust: 2.6
url:	http://www.securityfocus.com/bid/97423	Trust: 1.7
url:	http://www.securitytracker.com/id/1038183	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9219	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9219	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps6302/products_sub_category_home.html	Trust: 0.3

sources: CNVD: CNVD-2017-05587 // VULHUB: VHN-98039 // BID: 97423 // JVNDB: JVNDB-2016-008278 // NVD: CVE-2016-9219 // CNNVD: CNNVD-201704-280

CREDITS

Cisco

Trust: 0.3

sources: BID: 97423

SOURCES

db:	CNVD	id:	CNVD-2017-05587
db:	VULHUB	id:	VHN-98039
db:	BID	id:	97423
db:	JVNDB	id:	JVNDB-2016-008278
db:	NVD	id:	CVE-2016-9219
db:	CNNVD	id:	CNNVD-201704-280

LAST UPDATE DATE

2023-12-18T13:14:19.610000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-05587	date:	2017-04-28T00:00:00
db:	VULHUB	id:	VHN-98039	date:	2017-07-12T00:00:00
db:	BID	id:	97423	date:	2017-04-11T01:03:00
db:	JVNDB	id:	JVNDB-2016-008278	date:	2017-05-10T00:00:00
db:	NVD	id:	CVE-2016-9219	date:	2021-04-16T17:27:00.030
db:	CNNVD	id:	CNNVD-201704-280	date:	2021-04-19T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-05587	date:	2017-04-27T00:00:00
db:	VULHUB	id:	VHN-98039	date:	2017-04-06T00:00:00
db:	BID	id:	97423	date:	2017-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2016-008278	date:	2017-05-10T00:00:00
db:	NVD	id:	CVE-2016-9219	date:	2017-04-06T18:59:00.260
db:	CNNVD	id:	CNNVD-201704-280	date:	2017-04-06T00:00:00