Cisco Bug: CSCuo12321 - Wireless LAN Controller CDP Denial of Service Vulnerability
Aug 11, 2015
- Cisco 5500 Series Wireless Controllers
Known Affected Releases
7.5(102.0) 7.6(100.16) 7.6(110.0)
Symptom: A vulnerability in the Cisco Discovery Protocol (CDP) subsystem of Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.. The vulnerability is due to a failure to properly check for certain NULL values present in a CDP packet. An attacker could exploit this vulnerability by by submitting crafted CDP requests to an affected device. The attacker would then need to convince a user to preform an SNMP poll of the affected MIB.. An attacker that can convince a user to preform an SNMP poll of the affected MIB could trigger a NULL Pointer error that results in a restart of the device. This vulnerability affects versions 7.5, 126.96.36.199, and 188.8.131.52 only. Conditions: Cisco Wireless LAN Controller running an affected version of CDP software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases