CVE-2016-9219

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGH

EPSS

0.4%

top 38.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wireless LAN Controller Firmware Cisco Wireless LAN Controller Software

Timeline

PublishedApr 6

Latest updateMay 13

Description

A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. T…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/wireless_lan_controller_software8.3.102.0

▶CVEListV5cisco_wireless_lan_controllerCisco Wireless LAN Controller

▶NVDcisco/wireless_lan_controller_firmware8.2.121.0

🔴Vulnerability Details

GHSA

GHSA-cf5v-7xgc-j383: A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacke↗2022-05-13

▶

CVEList

CVE-2016-9219: A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacke↗2017-04-06

▶

📋Vendor Advisories

Cisco

Cisco Wireless LAN Controller IPv6 UDP Denial of Service Vulnerability↗2017-04-05

▶