CVE-2016-1363: Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Wireless LAN Controller Software

CWE-399 | 5 documents | 5 sources
Severity: 9.8 CRITICAL (NVD)
EPSS: 11.6% (top 6.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 21; latest update May 13

Description

Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and 7.5 through 8.0 before 8.0.115.0(ED) allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCus25617.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (1 package)

NVD | cisco/wireless_lan_controller_software | 7.2.0 | 7.4.140.0 | +1

Vulnerability Details (2)

GHSA | GHSA-49cg-6fc4-5qhm: Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7 | 2022-05-13
CVEList | CVE-2016-1363: Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7 | 2016-04-21

Vendor Advisories (1)

Cisco | Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability | 2016-04-20

Community (1)

Bugzilla | CVE-2016-5419 curl: TLS session resumption client cert bypass | 2016-08-01
CVE-2016-1363 — Cisco vulnerability | cvebase