CVE-2016-9194 - Vulnerability Details

A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Wireless Lan Controller Wireless Lan Controller 6.0 Wireless Lan Controller 7.0 Wireless Lan Controller 7.1 Wireless Lan Controller 7.2 Wireless Lan Controller 7.4

Configuration 1 [-]

OR	cpe:2.3:a:cisco:wireless_lan_controller:5.2.157.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:5.2.169.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:6.0_base:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.0_base:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.1_base:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.2_base:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.3.101.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.3.103.8:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.3.112:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.3_base:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.4.1.1:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.4.100:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.4.100.60:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.4.110.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.4.121.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.4_base:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.5.102.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.5.102.11:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.5_base:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.6.1.62:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.6.100.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.6.110.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.6.120.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:7.6.130.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:8.0.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:8.0.0.30220.385:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:8.0.72.140:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:8.0.100:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:8.0.115.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:8.0.120.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:8.0.121.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:8.1.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:8.1.104.37:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:8.1.111.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:8.1.122.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller:8.1.130.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_6.0:182.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_6.0:188.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_6.0:196.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_6.0:199.4:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_6.0:202.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_7.0:98.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_7.0:98.218:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_7.0:116.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_7.0:220.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_7.0:240.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_7.0:250.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_7.0:252.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_7.1:91.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_7.2:103.0:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_7.4:1.19:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_7.4:1.54:::::::*
	cpe:2.3:a:cisco:wireless_lan_controller_7.4:140.0:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/97424
http://www.securitytracker.com/id/1038182
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2017-04-06T18:00:00

Updated: 2024-08-06T02:42:11.248Z

Reserved: 2016-11-06T00:00:00

Link: CVE-2016-9194

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-04-06T18:59:00.230

Modified: 2025-04-20T01:37:25.860

Link: CVE-2016-9194

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco Wireless LAN Controller", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Wireless LAN Controller"}]}], "datePublic": "2017-04-06T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-07-11T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "97424", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97424"}, {"name": "1038182", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038182"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-9194", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Wireless LAN Controller", "version": {"version_data": [{"version_value": "Cisco Wireless LAN Controller"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-399"}]}]}, "references": {"reference_data": [{"name": "97424", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97424"}, {"name": "1038182", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038182"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:42:11.248Z"}, "title": "CVE Program Container", "references": [{"name": "97424", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97424"}, {"name": "1038182", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038182"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-9194", "datePublished": "2017-04-06T18:00:00", "dateReserved": "2016-11-06T00:00:00", "dateUpdated": "2024-08-06T02:42:11.248Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:5.2.157.0:*:*:*:*:*:*:*", "matchCriteriaId": "906F9233-7DEF-4742-9AF3-50B6C231A9F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:5.2.169.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BE9F19D-1701-40BC-A374-111B5F38BE46", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:6.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "6BD7A5C2-6354-449D-B715-2E9FFDD2E6FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "3A1B0325-D287-4286-B7E9-DB148881D9E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.1_base:*:*:*:*:*:*:*", "matchCriteriaId": "D547FB25-6486-4A77-99E6-C8F8EA9D5407", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.2_base:*:*:*:*:*:*:*", "matchCriteriaId": "8FE090AB-88B8-4A42-9CED-FF54B2C812E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.3.101.0:*:*:*:*:*:*:*", "matchCriteriaId": "1538A4DA-6D77-4289-B47C-9BE2C7BDC036", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.3.103.8:*:*:*:*:*:*:*", "matchCriteriaId": "04FDC2A1-F522-440B-9C5E-18729C0C34E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.3.112:*:*:*:*:*:*:*", "matchCriteriaId": "DE292FF9-9674-4251-9EF3-AD4A4F9CCC15", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.3_base:*:*:*:*:*:*:*", "matchCriteriaId": "B0782064-881F-4ADB-880A-E005AFFE5ADC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E6716-BBDC-43FB-8016-10281E360049", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.100:*:*:*:*:*:*:*", "matchCriteriaId": "E98435C2-EAD9-45BE-AE9A-CD1499F4239F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.100.60:*:*:*:*:*:*:*", "matchCriteriaId": "75473B22-A59F-471A-9DB8-8FA9FD504DC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.110.0:*:*:*:*:*:*:*", "matchCriteriaId": "12FD9D8F-2E52-4CA9-94BD-65F8B1FF26C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4.121.0:*:*:*:*:*:*:*", "matchCriteriaId": "05AEADF2-9986-432A-8416-1D138C8C94D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.4_base:*:*:*:*:*:*:*", "matchCriteriaId": "246EDF05-FF4B-47FB-9A72-6417F239F0EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.5.102.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2FE2157-DE6C-4002-A209-091457BFA7F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.5.102.11:*:*:*:*:*:*:*", "matchCriteriaId": "B3CB2EE4-565E-4EC0-978C-80738C5F8307", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.5_base:*:*:*:*:*:*:*", "matchCriteriaId": "ED69F11C-153E-442B-8F7C-57961A25AAEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.1.62:*:*:*:*:*:*:*", "matchCriteriaId": "C3D30E7A-4B2C-4A1E-B52C-C209757829F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.100.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB33D00D-7DCB-4150-9907-1365066F3767", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.110.0:*:*:*:*:*:*:*", "matchCriteriaId": "9051AFDE-A519-4701-9AD5-CBA7AEE46B0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.120.0:*:*:*:*:*:*:*", "matchCriteriaId": "354D3747-A6AB-41AA-8DD4-C17C0461EF7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:7.6.130.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FE75C02-0E3E-4BA3-8E86-2FEA9EEB7E40", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6EA1478-B988-4DD7-A937-FB91FB0DEDB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.0.30220.385:*:*:*:*:*:*:*", "matchCriteriaId": "B467125C-5491-4066-A35A-891B78AD0A53", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.72.140:*:*:*:*:*:*:*", "matchCriteriaId": "13FACACE-CF96-474D-BA3E-F289BD96CF6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.100:*:*:*:*:*:*:*", "matchCriteriaId": "0E439FF8-91DE-43E9-BE65-59BCEC52F3BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.115.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B798E5A-E108-4465-BD2B-A2F4ADFDB363", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.120.0:*:*:*:*:*:*:*", "matchCriteriaId": "97971195-3E04-4AC1-95BC-479CE2CAB389", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.0.121.0:*:*:*:*:*:*:*", "matchCriteriaId": "031A8A69-4E46-4EE5-B0A8-0A74E7C66A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B00858F6-C0AD-4822-9990-E0126AB43EF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.104.37:*:*:*:*:*:*:*", "matchCriteriaId": "B6528ED0-853F-4475-AAD7-7F9B5E0DFE3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.111.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B83E372-CFD8-4DDD-80F7-E3128D0C5E72", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.122.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7D5A815-BA48-43A5-8CD4-2E580B2CB0D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller:8.1.130.0:*:*:*:*:*:*:*", "matchCriteriaId": "BA6129F0-5195-41AC-AFF3-50518B1ADB9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:182.0:*:*:*:*:*:*:*", "matchCriteriaId": "55746AD1-5C44-4144-BBE3-53F4D654E57A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:188.0:*:*:*:*:*:*:*", "matchCriteriaId": "A74E0159-DA37-4AC2-8AA3-D6FA83F0DFF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:196.0:*:*:*:*:*:*:*", "matchCriteriaId": "B297FCF3-6FC4-4C0E-89A9-A760FF9A58CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:199.4:*:*:*:*:*:*:*", "matchCriteriaId": "F40022CC-A0AB-47EA-B089-9A3E66E49727", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_6.0:202.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3D92BC-3052-4B3E-8152-ACFC8B507D47", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:98.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AEC6779-072A-43F2-AD75-9056D783B99D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:98.218:*:*:*:*:*:*:*", "matchCriteriaId": "88D96498-EF62-4B8E-AB8A-E326A306D473", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:116.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BA2A940-A36F-4903-9A9D-DB0269D01C9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:220.0:*:*:*:*:*:*:*", "matchCriteriaId": "171F7669-64D7-4E1E-9766-86B5A1085B2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:240.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCCD4C58-E8A6-470C-8324-CAD6F149C87F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:250.0:*:*:*:*:*:*:*", "matchCriteriaId": "97458DAB-1E88-4552-92D0-2C14B074E8C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.0:252.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FB2040D-5969-48D8-89FE-53C30B1483A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.1:91.0:*:*:*:*:*:*:*", "matchCriteriaId": "6075E464-5D78-492A-B85F-1C053E9B8CE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.2:103.0:*:*:*:*:*:*:*", "matchCriteriaId": "38F12EF1-A79E-446F-8A31-E188FF1C6B7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.4:1.19:*:*:*:*:*:*:*", "matchCriteriaId": "225D1199-74C7-4AAB-A434-F03DE0D57539", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.4:1.54:*:*:*:*:*:*:*", "matchCriteriaId": "25A6025A-6BE3-4BCF-A884-2EE630752459", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_7.4:140.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13ACDA7-F6C8-42E9-8748-14730F4D06D2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353."}, {"lang": "es", "value": "Una vulnerabilidad en 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software podr\u00eda permitir que un atacante no autenticado adyacente, provoque una condici\u00f3n de denegaci\u00f3n de servicio(DoS). La vulnerabilidad se debe a la validaci\u00f3n de entrada incompleta del encabezado de paquete 802.11 WME. Un atacante podr\u00eda explotar esta vulnerabilidad enviando marcos malformados WME 802.11 a un dispositivo de destino. Un exploit exitoso podr\u00eda permitir al atacante hacer que el WLC se recargue inesperadamente. Las versiones fijas son 8.0.140.0, 8.2.130.0, y 8.3.111.0. Cisco Bug IDs: CSCva86353."}], "id": "CVE-2016-9194", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-06T18:59:00.230", "references": [{"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97424"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1038182"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97424"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038182"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "psirt@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object