CVE-2009-0059Improper Input Validation in Cisco 4400 Wireless LAN Controller

CWE-20Improper Input ValidationCWE-264CWE-3994 documents4 sources
Severity
7.8HIGHNVD
EPSS
1.0%
top 23.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Cisco 4400 Wireless LAN ControllerCisco Catalyst 3750 Series Integrated Wireless LAN ControllerCisco Catalyst 6500 Series Integrated Wireless LAN Controller+2 more
Timeline
PublishedFeb 5
Latest updateMay 2

Description

The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages5 packages

🔴Vulnerability Details

2
GHSA
GHSA-rx2v-3wf7-5g3c: The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controll2022-05-02
CVEList
CVE-2009-0059: The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controll2009-02-05

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco Wireless LAN Controllers2009-02-04
CVE-2009-0059 — Improper Input Validation in Cisco | cvebase