Input validation

2023-03-2317:15:00

PRIOn knowledge base

www.prio-n.com

cisco

wireless lan controllers

vulnerability

denial of service

input validation

http-based

client profiling

unauthenticated attacker

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.9%

JSON

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic through a wireless access point. A successful exploit could allow the attacker to cause CPU utilization to increase, which could result in a DoS condition on an affected device and could cause new wireless client associations to fail. Once the offending traffic stops, the affected system will return to an operational state and new client associations will succeed.

CPENameOperatorVersion
ios_xeeq16.10.1
ios_xeeq16.12.1
ios_xeeq16.11.1
ios_xeeq17.1.1
ios_xeeq16.11.197
ios_xeeq16.12.1116
ios_xeeq16.11.2
ios_xeeq16.12.1115
ios_xeeq16.11.199
ios_xeeq16.11.198

Name	Operator	Version
ios_xe	eq	16.10.1
ios_xe	eq	16.12.1
ios_xe	eq	16.11.1
ios_xe	eq	17.1.1
ios_xe	eq	16.11.197
ios_xe	eq	16.12.1116
ios_xe	eq	16.11.2
ios_xe	eq	16.12.1115
ios_xe	eq	16.11.199
ios_xe	eq	16.11.198