—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20190417-wlc-iapp
Revision: 1.0
For Public Release: 2019 April 17 16:00 GMT
Last Updated: 2019 April 17 16:00 GMT
CVE ID(s): CVE-2019-1796, CVE-2019-1799, CVE-2019-1800
CVSS Score v(3): 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
+———————————————————————
Summary
=======
Multiple vulnerabilities in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
The vulnerabilities exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerabilities by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJct1BaXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczNFIQAIgScAqjYa8j8nnP8kWatVhkOC2U
H9TYXtLGKff3mMsKQCN12G6F+DngvYx/YuRUYfLPFXO54A2vimPQDdwE1G70vRQU
bRR2FwP0M5vXIb3MGWVzf9AVtg+aPHjB6vcAfrkcZXdsQ8+IhFK3gvk2QMQ3tnv+
9O9g+SAIWsJwc5ncf/4PgSopRKgaF7A89CKV8sUD6i5u6y28NMLaBi1j5fxRMXPW
7va2GpLP7/D/gLDYsu9FHRDu/wY6aaQKlvAbWfbwz4jbYJNBs/URiVybQT/lw2yO
SNmH8V4ID02yesQKZAmWc1ApjjuQX/wqe08UV+pprl1qOvAocUz7HpgOu1TD+BPH
03Em6j16AFBq0rQqgekzpL568imN7J/YOXkZ0OtxKYHBH4f1BXX44S3lZsledmlI
rnOnvbDg82dGcxc41IgYcJuHORCXsW2vUnW5XVJ4vj71coKIepXybtfMwSvkIJ9B
fwcSY9WYcvADYHDurH748Uum7/ak6+6YEiXVhiHF9RKkHKRdFdcdkpwGzKYKtZq+
Ho6Du4kmPO/5g8nnV8QSK6/j0r1g2bDWm+1mzuq9mk2OB1KqkxUxyE/FUJW2iogg
ynYleUl0PYqGcCv1Xi/VhMAq58pyHqhEAhgCUF+P9+iJMD7Nb5t7Hhmi9JWJVdeZ
2uYJbjbGfyoR5rsP
=gqke
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com