Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-15276

Severity: 6.5 MEDIUM
EPSS: 31.8% (top 3.20%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Nov 26; latest update May 24

Description

A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conv

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA (2022-05-24): GHSA-6fp6-hh92-h5q5: A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a
CVEList (2019-11-26): Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability

💥 Exploits & PoCs (1)

Exploit-DB (2019-12-04): Cisco WLC 2504 8.9 - Denial of Service (PoC)

📋 Vendor Advisories (1)

Cisco (2019-11-06): Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability