Cisco Wireless LAN Controller Control/Provisioning Packet elévation de privilèges

Une vulnérabilité classée critique a été trouvée dans Cisco Wireless LAN Controller (Wireless LAN Software). Affecté par cette vulnérabilité est une fonction inconnue du composant Control/Provisioning. Mettre à jour élimine cette vulnérabilité.

Domaine16/04/2020 14:2416/04/2020 14:29
vendorCiscoCisco
nameWireless LAN ControllerWireless LAN Controller
componentControl/ProvisioningControl/Provisioning
input_typePacketPacket
risk11
cvss2_vuldb_basescore4.34.3
cvss2_vuldb_tempscore3.73.7
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auNN
cvss2_vuldb_ciNN
cvss2_vuldb_iiNN
cvss2_vuldb_aiPP
cvss3_meta_basescore8.08.0
cvss3_meta_tempscore7.77.7
cvss3_vuldb_basescore7.57.5
cvss3_vuldb_tempscore7.27.2
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iNN
cvss3_vuldb_aHH
date1586908800 (15/04/2020)1586908800 (15/04/2020)
locationWebsiteWebsite
typeAdvisoryAdvisory
urlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-capwap-dos-Y2sD9uEwhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-capwap-dos-Y2sD9uEw
identifiercisco-sa-wlc-capwap-dos-Y2sD9ucisco-sa-wlc-capwap-dos-Y2sD9u
price_0day$5k-$25k$5k-$25k
nameUpgradeUpgrade
cveCVE-2020-3262CVE-2020-3262
seealso153826153826
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcCC
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss3_nvd_basescore8.68.6
typeWireless LAN Software
cwe020 (elévation de privilèges)
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sC
cvss3_nvd_cN
cvss3_nvd_iN
cvss3_nvd_aH
cve_assigned1576108800
cve_nvd_summaryA vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition.

Do you want to use VulDB in your project?

Use the official API to access entries easily!