Cisco Wireless Lan Controller Software vulnerabilities
84 known vulnerabilities affecting cisco/wireless_lan_controller_software.
Total CVEs: 84
CISA KEV: 0
Public exploits: 5
Exploited in wild: 0
Severity breakdown: CRITICAL 11 | HIGH 32 | MEDIUM 40 | LOW 1
Vulnerabilities
Page 2 of 5
CVE-2018-0248 [MEDIUM] CWE-20 | CVSS 4.9 | fixed in 8.3.150.0 | ≥ 8.4, < 8.5.140.0 | +1 more | 2019-04-17
A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker wou
nvd
CVE-2018-0417 [HIGH] CWE-264 | CVSS 7.8 | v8.7(1.115) | fixed in 8.2.170.0 | +1 more | 2018-10-17
A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the
nvd
CVE-2018-0442 [HIGH] CWE-200 | CVSS 7.5 | fixed in 8.2.170.0 | ≥ 8.3, < 8.3.140.0 | +3 more | 2018-10-17
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the
nvd
CVE-2018-0443 [HIGH] CWE-399 | CVSS 7.5 | v8.2(151.0) | 2018-10-17
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper input validation on fields within CAPWAP Discovery Request packets by the
nvd
CVE-2018-15395 [MEDIUM] CWE-284 | CVSS 5.4 | v8.5(120.0) | 2018-10-17
A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The vulnerability is due to the dynamic assignment of Security Gro
nvd
CVE-2018-0388 [MEDIUM] CWE-79 | CVSS 4.8 | v8.3(133.0) | v8.3(135.0) | +1 more | 2018-10-17
A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface.
nvd
CVE-2018-0416 [MEDIUM] CWE-20 | CVSS 5.3 | v8.5(130.0) | v8.9(1.52) | 2018-10-17
A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the web-based interface URL request. An attacker co
nvd
CVE-2018-0420 [MEDIUM] CWE-22 | CVSS 6.5 | v8.2(151.0) | 2018-10-17
A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using director
nvd
CVE-2018-0252 [HIGH] CWE-399 | CVSS 8.6 | v8.4(100.0) | v8.5(107.30) | +2 more | 2018-05-02
A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a corruption of an internal data st
nvd
CVE-2018-0235 [HIGH] CWE-20 | CVSS 7.4 | v8.6(1.106) | v8.6(1.114) | 2018-05-02
A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of certain 802.11 management information ele
nvd
CVE-2018-0245 [MEDIUM] CWE-200 | CVSS 5.3 | v8.3(133.0) | v8.5(105.0) | 2018-05-02
A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the REST API URL request. An attacker co
nvd
CVE-2018-0247 [MEDIUM] CWE-287 | CVSS 4.7 | v8.3(104.105) | 2018-05-02
A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of authentication for WebAuth clients in a specific con
nvd
CVE-2016-9219 [HIGH] CWE-20 | CVSS 7.5 | v8.3.102.0 | 2017-04-06
A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a speci
nvd
CVE-2017-3854 [HIGH] CWE-287 | CVSS 8.8 | v6.0199.4 | v7.41.54 | +3 more | 2017-03-15
A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration. An attacker could exploit this vulnerability by forcing the target system t
nvd
CVE-2016-6375 [MEDIUM] CWE-399 | CVSS 5.3 | v8.0.72.140 | v3.0_base | +76 more | 2016-09-12
Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221.
nvd
CVE-2016-1460 [MEDIUM] CWE-399 | CVSS 6.5 | v7.4.121.0 | v8.0.0.30220.385 | 2016-07-28
Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979.
nvd
CVE-2016-1363 [CRITICAL] CWE-399 | CVSS 9.8 | ≥ 7.2.0, < 7.4.140.0 | ≥ 7.5.0, < 8.0.115.0 | 2016-04-21
Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and 7.5 through 8.0 before 8.0.115.0(ED) allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCus25617.
nvd
CVE-2016-1364 [HIGH] CWE-20 | CVSS 7.5 | v7.4.1.54 | v7.4.100 | +8 more | 2016-04-21
Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to cause a denial of service (device reload) via crafted Bonjour traffic, aka Bug ID CSCur66908.
nvd
CVE-2015-6314 [CRITICAL] CWE-287 | CVSS 9.8 | v8.0.72.140 | v8.0_base | +4 more | 2016-01-15
Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153.
nvd
CVE-2015-6341 [MEDIUM] CWE-264 | CVSS 5.0 | v7.4.140.0 | v8.0.120.0 | 2015-10-25
The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610.
nvd