CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
47.1%
A vulnerability in the Web Management GUI of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to trigger client disconnection.
The vulnerability is due to a lack of access control to the Cisco WLC Web Management GUI. An attacker could exploit this vulnerability by connecting to the IP address of the Cisco WLC and triggering client disconnections. The attacker must reach the Cisco WLC management IP address on port 80 or port 443 via its wired interface.
Cisco has not released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. This advisory is available at the following link:
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | wireless_lan_controller | 7.4 | cpe:2.3:h:cisco:wireless_lan_controller:7.4:*:*:*:*:*:*:* |
cisco | wireless_lan_controller | 8.0 | cpe:2.3:h:cisco:wireless_lan_controller:8.0:*:*:*:*:*:*:* |
cisco | wireless_lan_controller | 7.4.140.0 | cpe:2.3:h:cisco:wireless_lan_controller:7.4.140.0:*:*:*:*:*:*:* |
cisco | wireless_lan_controller | 8.0.120.0 | cpe:2.3:h:cisco:wireless_lan_controller:8.0.120.0:*:*:*:*:*:*:* |