CVE-2009-0058 — Improper Input Validation in Cisco 4400 Wireless LAN Controller

CWE-20 — Improper Input Validation CWE-264 CWE-3995 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 39.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco 4400 Wireless LAN Controller Cisco Catalyst 3750 Series Integrated Wireless LAN Controller Cisco Catalyst 6500 Series Integrated Wireless LAN Controller +2 more

Timeline

PublishedFeb 5

Latest updateMay 2

Description

The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload) via unspecified network traffic, as demonstrated by a vulnerability scanner.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages5 packages

▶NVDcisco/catalyst_3750_series_integrated_wireless_lan_controller4.1, 4.2, 5.2+2

▶NVDcisco/catalyst_6500_series_integrated_wireless_lan_controller4.1, 4.2, 5.2+2

▶NVDcisco/catalyst_7600_series_wireless_lan_controller4.1, 4.2, 5.2+2

▶NVDcisco/wireless_lan_controller_software4.1, 4.2, 5.2+2

▶NVDcisco/4400_wireless_lan_controller4.1, 4.2, 5.2+2

🔴Vulnerability Details

GHSA

GHSA-6hw6-9m3x-6cx9: The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controll↗2022-05-02

▶

CVEList

CVE-2009-0058: The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controll↗2009-02-05

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Wireless LAN Controllers↗2009-02-04

▶

💬Community

Bugzilla

CVE-2009-2446 MySQL: Format string vulnerability by manipulation with database instances (crash)↗2009-07-13

▶