Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices
CVE-2014-0704

Currently unrated

Key Information:

Vendor: Cisco
Status: Wireless Lan Controller Software; Wireless Lan Controller
Vendor: CVE Published:; 6 March 2014

Summary

The IGMP implementation on Cisco Wireless LAN Controller devices versioned 4.x through 7.3 prior to 7.0.250.0 is susceptible to an attack when IGMPv3 Snooping is enabled. An attacker can exploit this vulnerability by sending a specially crafted IGMPv3 message, potentially leading to a denial of service condition characterized by memory over-reads and subsequent device restarts. This flaw is documented as Bug ID CSCuh33240, and it underscores the importance of updating affected devices to mitigate these risks.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Mar 6, 2014
Vulnerability Reserved
Jan 2, 2014