CVE-2014-0703

2014-03-0611:55:05

CWE-362

cisco

web.nvd.nist.gov

cisco

wireless lan controller

wlc

aironet

ios software

race condition

access restrictions

cve-2014-0703

bug id cscuf66202

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

74.5%

JSON

Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202.

Affected configurations

Nvd

Node

ciscowireless_lan_controller_softwareMatch7.4.100.0

ciscowireless_lan_controller_softwareMatch7.4.100.60

AND

ciscowireless_lan_controller

VendorProductVersionCPE
ciscowireless_lan_controller_software7.4.100.0cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.0:*:*:*:*:*:*:*
ciscowireless_lan_controller_software7.4.100.60cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.60:*:*:*:*:*:*:*
ciscowireless_lan_controller*cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	wireless_lan_controller_software	7.4.100.0	cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.0:::::::*
cisco	wireless_lan_controller_software	7.4.100.60	cpe:2.3:o:cisco:wireless_lan_controller_software:7.4.100.60:::::::*
cisco	wireless_lan_controller	*	cpe:2.3:h:cisco:wireless_lan_controller::::::::