—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability
Advisory ID: cisco-sa-20170405-wlc
Revision: 1.0
For Public Release: 2017 April 5 16:00 GMT
Last Updated: 2017 April 5 16:00 GMT
CVE ID(s): CVE-2016-9194
CVSS Score v(3): 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
+———————————————————————
Summary
=======
A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc”]
—–BEGIN PGP SIGNATURE—–
iQKBBAEBAgBrBQJY5RT8ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHljGQ//aM3M/FaDJM/AnQzL
HvYjDq/6+yHA6gyJZBah63faf/UKxd7a17aOFGRwE0Qn45Ig36orrkbtdq9UqiYF
P4tJrTw18i7k2PJazSQZXJE/X5OEHsaz3KHvmIkeT6oN6nEMFnmLVo6TlY0rCAMV
hY7ZqbNKFr5Pt/wdpqEbxOJl9++pN2kIkcZYJhQxnQ8UCjt3wB7ZyRGcmDdF4XxO
Mjy+szi96qFyHSP2xPPhgBPcBOePohMyK7rd/4/UVzc/0m2Y0g3sCOYDgWn4vxQ/
ZgHcjxlsmmV6TGyUTP/J9olcwE+MIwx5HXRgiuvkR01jbeZ2eyguFTwgXXfUDvIF
VuG3CDXyFk2XcG0aZZl/7HXFo7Ikb1OjVxLdX8Za4pi6fiatl3mofzjt1Dum+1t9
cZBm4OG67d43HBFTGYbeO6ZWkWfgUjWt1JYvvmdLoXmOoQxoG8+g7c05U3VzkUKK
YH0fgI8UtVkrTUyvzA8tluKf42JOsgQC14sVxx647YdDWtio/VU5F7+5gzuFWGjh
9riUomQsEfNbCRConO9q+d/sPpdloJsfQBjWZPtnDXAOsXHgcrJ77CysvaWRKbnn
OkVJD1kqHY5dUG+kogWAbPPboPspFbQaC6Ua6diipR9+EwF7el6PSML0izKmU5jv
1LLR9voA+EEY9PCe7ok0O1K9uVo=
=HyFj
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com
