Cisco: CISCO-SA-20121213-CVE-2012-5991
Dec 13, 2012 - 10:20 p.m.

Cisco Wireless LAN Controller Software Form Post Denial of Service Vulnerability

2012-12-13 22:20:26
tools.cisco.com

CVSS2: 6.3 Medium

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C

EPSS: 0.001 Low
Percentile: 45.3%

Cisco Wireless LAN Controller Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to insufficient validation of user-supplied input to the affected software. An authenticated, remote attacker could exploit the vulnerability by sending crafted HTTP GET requests to the targeted system. When processed, the malicious requests could cause the vulnerable software to terminate abnormally, denying service to legitimate users.

Functional code that exploits the vulnerability is publicly available.

Cisco confirmed the vulnerability in a security bug report; however, software updates are not available.

Only users who can authenticate to the affected software could exploit the vulnerability. Affected systems typically have restricted access, limiting the potential for exploitation.

A related vulnerability in the affected software could allow an unauthenticated, remote attacker to exploit the vulnerability. However, the exploit relies upon user interaction, and the targeted user must have authenticated access to the affected system.

Affected configurations

Vulners
Node
cisco wireless_lan_controller_6.0 Match 7.0
OR
cisco wireless_lan_controller_6.0 Match 7.1
OR
cisco wireless_lan_controller_6.0 Match 7.2
OR
cisco wireless_lan_controller_6.0 Match any
OR
cisco wireless_lan_controller_6.0 Match 7.0.98.0
OR
cisco wireless_lan_controller_6.0 Match 7.0.116.0
OR
cisco wireless_lan_controller_6.0 Match 7.0.98.218
OR
cisco wireless_lan_controller_6.0 Match 7.0.220.0
OR
cisco wireless_lan_controller_6.0 Match any
OR
cisco wireless_lan_controller_6.0 Match 7.1.91.0
OR
cisco wireless_lan_controller_6.0 Match any
OR
cisco wireless_lan_controller_6.0 Match 7.2.103.0
