CVE-2014-3291
Description
A crafted Cisco Discovery Protocol packet with a zero value causes a NULL pointer dereference in Cisco WLC during SNMP polling, leading to device restart.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A crafted Cisco Discovery Protocol packet with a zero value causes a NULL pointer dereference in Cisco WLC during SNMP polling, leading to device restart.
Vulnerability
Cisco Wireless LAN Controller (WLC) devices are vulnerable to a denial-of-service condition due to improper handling of a zero value in Cisco Discovery Protocol (CDP) packet data during SNMP polling. The bug, identified as CSCuo12321, triggers a NULL pointer dereference when the device processes a CDP packet containing a zero value while an SNMP poll is in progress. All WLC versions at the time of disclosure are potentially affected [1].
Exploitation
An attacker must be able to send a crafted CDP packet to the target WLC from an adjacent network segment. The packet must contain a zero value in a specific field. The vulnerability is triggered when the WLC subsequently performs SNMP polling, which causes the NULL pointer dereference. No authentication or user interaction is required beyond network access [1].
Impact
Successful exploitation results in a denial-of-service condition, causing the WLC to restart. This disrupts wireless network services until the device recovers. The impact is limited to availability; no data confidentiality or integrity is compromised [1].
Mitigation
No mitigation or fixed version is disclosed in the available references. Cisco may have released a software update via normal support channels; users should consult the Cisco Security Advisory for CVE-2014-3291 for the latest information [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*
- (no CPE)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3291nvdVendor Advisory
- tools.cisco.com/security/center/viewAlert.xnvdVendor Advisory
- www.securityfocus.com/bid/67926nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1030410nvdThird Party AdvisoryVDB Entry
- secunia.com/advisories/57895nvdPermissions Required
News mentions
0No linked articles in our index yet.