Cisco Wireless LAN Controller Software 8.4 IPv4 Fragment IPv4 Packet resource management

Summaryinfo

A vulnerability classified as problematic has been found in Cisco Wireless LAN Controller Software 8.4. This impacts an unknown function of the component IPv4 Fragment Handler. Performing a manipulation as part of IPv4 Packet results in resource management. This vulnerability is identified as CVE-2018-0252. The attack can be initiated remotely. There is not any exploit available. It is suggested to use restrictive firewalling.

Detailsinfo

A vulnerability, which was classified as problematic, was found in Cisco Wireless LAN Controller Software 8.4 (Wireless LAN Software). This affects some unknown processing of the component IPv4 Fragment Handler. The manipulation as part of a IPv4 Packet leads to a resource management vulnerability. CWE is classifying the issue as CWE-399. This is going to have an impact on availability. The summary by CVE is:

A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a corruption of an internal data structure process that occurs when the affected software reassembles certain IPv4 packets. An attacker could exploit this vulnerability by sending certain malformed IPv4 fragments to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability affects all releases of 8.4 until the first fixed release for the 5500 and 8500 Series Wireless LAN Controllers and releases 8.5.103.0 and 8.5.105.0 for the 3500, 5500, and 8500 Series Wireless LAN Controllers. Cisco Bug IDs: CSCvf89222.

The bug was discovered 05/02/2018. The weakness was released 05/02/2018 as cisco-sa-20180502-wlc-ip as confirmed advisory (Website). It is possible to read the advisory at tools.cisco.com. This vulnerability is uniquely identified as CVE-2018-0252 since 11/27/2017. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available.

The vulnerability scanner Nessus provides a plugin with the ID 109728 (Cisco Wireless LAN Controller Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context c. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316259 (Cisco Wireless LAN Controller IP Fragment Reassembly Denial of Service Vulnerability (cisco-sa-20180502-wlc-ip)).

It is possible to mitigate the weakness by firewalling . A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (109728). Entries connected to this vulnerability are available at VDB-117284, VDB-117285 and VDB-117286. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Wireless LAN Software

Vendor

• Cisco

Name

• Wireless LAN Controller Software

Version

• 8.4

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion