CVE-2015-0679

CWE-20 — Improper Input Validation CWE-3994 documents4 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 41.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wireless LAN Controller Software

Timeline

PublishedMar 28

Latest updateMay 13

Description

The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/wireless_lan_controller_software7.3\(103.8\), 7.4\(110.0\)+1

🔴Vulnerability Details

GHSA

GHSA-pmpv-wf74-rw2h: The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7↗2022-05-13

▶

CVEList

CVE-2015-0679: The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7↗2015-03-28

▶

📋Vendor Advisories

Cisco

Cisco Wireless LAN Controller Task Name aaaQueueReader Denial of Service Vulnerability↗2015-03-26

▶