Denial of Service Vulnerability in Cisco Wireless LAN Controller
CVE-2018-0235

7.4 HIGH

Key Information:

Vendor: Cisco
CVE Published: 2 May 2018

Summary

A flaw in the 802.11 frame validation feature of Cisco Wireless LAN Controller may permit an unauthenticated attacker located nearby to force a reload of the device. The flaw stems from insufficient input validation of specific 802.11 management frames that the device processes from wireless clients. By sending a crafted 802.11 management frame, an attacker can exploit this vulnerability to trigger an unexpected reload of the affected device, resulting in a denial of service (DoS) condition. This issue is specific to Cisco Wireless LAN Controllers running Mobility Express Release 8.5.103.0.

Affected Version(s)

Cisco Wireless LAN Controller

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
