VAR-201406-0308
Vulnerability from variot - Updated: 2025-04-13 23:27Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321. Vendors have confirmed this vulnerability Bug ID CSCuo12321 It is released as. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. Attackers can exploit this issue to restart the affected device, denying service to legitimate users. The vulnerability stems from the fact that the program does not properly check for null values in Cisco Discovery Protocol packets
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0308",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless lan controller",
"scope": null,
"trust": 2.0,
"vendor": "cisco",
"version": null
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "wireless lan controller software",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "7.6(.100.0)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03523"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002789"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-102"
},
{
"db": "NVD",
"id": "CVE-2014-3291"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:wireless_lan_controller",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:wireless_lan_controller_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002789"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "67926"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3291",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "CVE-2014-3291",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "CNVD-2014-03523",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "VHN-71231",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3291",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3291",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-03523",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-102",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71231",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-3291",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03523"
},
{
"db": "VULHUB",
"id": "VHN-71231"
},
{
"db": "VULMON",
"id": "CVE-2014-3291"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002789"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-102"
},
{
"db": "NVD",
"id": "CVE-2014-3291"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321. Vendors have confirmed this vulnerability Bug ID CSCuo12321 It is released as. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. \nAttackers can exploit this issue to restart the affected device, denying service to legitimate users. The vulnerability stems from the fact that the program does not properly check for null values \u200b\u200bin Cisco Discovery Protocol packets",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3291"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002789"
},
{
"db": "CNVD",
"id": "CNVD-2014-03523"
},
{
"db": "BID",
"id": "67926"
},
{
"db": "VULHUB",
"id": "VHN-71231"
},
{
"db": "VULMON",
"id": "CVE-2014-3291"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3291",
"trust": 3.5
},
{
"db": "BID",
"id": "67926",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1030410",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "57895",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002789",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201406-102",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-03523",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20140606 CISCO WIRELESS LAN CONTROLLER CISCO DISCOVERY PROTOCOL DENIAL OF SERVICE VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-71231",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-3291",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03523"
},
{
"db": "VULHUB",
"id": "VHN-71231"
},
{
"db": "VULMON",
"id": "CVE-2014-3291"
},
{
"db": "BID",
"id": "67926"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002789"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-102"
},
{
"db": "NVD",
"id": "CVE-2014-3291"
}
]
},
"id": "VAR-201406-0308",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03523"
},
{
"db": "VULHUB",
"id": "VHN-71231"
}
],
"trust": 1.2343109399999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03523"
}
]
},
"last_update_date": "2025-04-13T23:27:38.063000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Wireless LAN Controller Cisco Discovery Protocol Denial of Service Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3291"
},
{
"title": "34558",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34558"
},
{
"title": "Patch for Cisco Wireless LAN Controller Denial of Service Leak (CNVD-2014-03523)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/46233"
},
{
"title": "Cisco: Cisco Wireless LAN Controller Cisco Discovery Protocol Denial of Service Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=Cisco-SA-20140609-CVE-2014-3291"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03523"
},
{
"db": "VULMON",
"id": "CVE-2014-3291"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002789"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71231"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002789"
},
{
"db": "NVD",
"id": "CVE-2014-3291"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3291"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/67926"
},
{
"trust": 1.2,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34558"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1030410"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/57895"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3291"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3291"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140609-cve-2014-3291"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03523"
},
{
"db": "VULHUB",
"id": "VHN-71231"
},
{
"db": "VULMON",
"id": "CVE-2014-3291"
},
{
"db": "BID",
"id": "67926"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002789"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-102"
},
{
"db": "NVD",
"id": "CVE-2014-3291"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-03523"
},
{
"db": "VULHUB",
"id": "VHN-71231"
},
{
"db": "VULMON",
"id": "CVE-2014-3291"
},
{
"db": "BID",
"id": "67926"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002789"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-102"
},
{
"db": "NVD",
"id": "CVE-2014-3291"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03523"
},
{
"date": "2014-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-71231"
},
{
"date": "2014-06-08T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3291"
},
{
"date": "2014-06-06T00:00:00",
"db": "BID",
"id": "67926"
},
{
"date": "2014-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002789"
},
{
"date": "2014-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-102"
},
{
"date": "2014-06-08T16:55:02.877000",
"db": "NVD",
"id": "CVE-2014-3291"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03523"
},
{
"date": "2016-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-71231"
},
{
"date": "2016-09-07T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3291"
},
{
"date": "2014-06-13T04:12:00",
"db": "BID",
"id": "67926"
},
{
"date": "2014-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002789"
},
{
"date": "2014-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-102"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3291"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Wireless LAN Controller Service disruption on devices (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002789"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-102"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…