CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
EPSS
Percentile
52.2%
A vulnerability in the web authentication feature of Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
The vulnerability is due to the improper handling of ill-formed passwords by the web authentication feature used by the affected software. An unauthenticated, adjacent attacker could exploit this vulnerability by submitting ill-formed passwords to an affected device. A successful exploit could cause the device to crash and reload, resulting in a DoS condition.
Cisco has confirmed the vulnerability and released software updates.
To exploit this vulnerability, an attacker must have access to the same broadcast or collision domain as the targeted device. This access requirement decreases the likelihood of a successful exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | wireless_lan_controller | 7.4 | cpe:2.3:h:cisco:wireless_lan_controller:7.4:*:*:*:*:*:*:* |
cisco | wireless_lan_controller | 7.3 | cpe:2.3:h:cisco:wireless_lan_controller:7.3:*:*:*:*:*:*:* |
cisco | wireless_lan_controller | 7.4.110.0 | cpe:2.3:h:cisco:wireless_lan_controller:7.4.110.0:*:*:*:*:*:*:* |
cisco | wireless_lan_controller | 7.3.103.8 | cpe:2.3:h:cisco:wireless_lan_controller:7.3.103.8:*:*:*:*:*:*:* |