Lucene search
K
CiscoWireless Lan Controller Software

88 matches found

CVE
CVE
added 2019/11/26 3:12 a.m.151 views

CVE-2019-15276

CVE-2019-15276: Cisco Wireless LAN Controller HTTP parsing DoS . The vulnerability affects Cisco WLC software (versions 8.4–8.9, 8.10 fixed) where the HTTP parsing engine fails to handle specially crafted URLs. An attacker with low privileges (or a user who can be lured to click a crafted URL) ca...

7.7CVSS6.5AI score0.46305EPSS
CVE
CVE
added 2024/03/27 5:5 p.m.145 views

CVE-2024-20271

CVE-2024-20271 affects Cisco Access Point Software. The issue is in IP packet processing, due to insufficient IPv4 packet input validation, allowing an unauthenticated, remote attacker to trigger a DoS by forcing a reload of the device. This can be exploited without AP association and cannot be t...

8.6CVSS7.1AI score0.00633EPSS
CVE
CVE
added 2023/03/23 12:0 a.m.108 views

CVE-2023-20097

Cisco's CVE-2023-20097 concerns command-injection in Cisco Access Points (AP) software. The issue arises from improper input validation of commands issued from the wireless controller to an AP, allowing an authenticated local attacker with Administrator CLI access to inject arbitrary commands and...

6.7CVSS5.7AI score0.00236EPSS
CVE
CVE
added 2023/09/27 5:22 p.m.99 views

CVE-2023-20268

Cisco CVE-2023-20268 affects Cisco Access Point (AP) software where the packet processing path can be abused by an unauthenticated, adjacent attacker sending specific wireless traffic to exhaust device resources. The vulnerability can disrupt CAPWAP tunnels and cause intermittent wireless client ...

4.7CVSS4.8AI score0.00236EPSS
CVE
CVE
added 2023/03/23 12:0 a.m.95 views

CVE-2023-20056

CVE-2023-20056 affects Cisco Access Point software management CLI. The issue stems from insufficient input validation of user commands, allowing an authenticated, local attacker to trigger a reload and DoS on the device. Exploitation details are not provided in the documents; no explicit affected...

6.5CVSS5.8AI score0.00257EPSS
CVE
CVE
added 2013/01/24 9:0 p.m.89 views

CVE-2013-1102

CVE-2013-1102 affects Cisco Wireless LAN Controllers (WLC) via the Wireless Intrusion Prevention System (wIPS). The issue allows a remote, unauthenticated attacker to cause a DoS (device reload) by sending crafted IP packets, tracked as Bug ID CSCtx80743. Affected software versions are 7.0 before...

7.8CVSS6.8AI score0.01819EPSS
CVE
CVE
added 2022/09/30 6:45 p.m.87 views

CVE-2022-20769

Cisco Wireless LAN Controller AireOS Software firmware with FIPS mode enabled is affected by CVE-2022-20769. The issue arises from insufficient error validation in the authentication function, allowing an unauthenticated, adjacent attacker to send crafted packets that crash the WLC and cause a Do...

7.4CVSS6.9AI score0.00476EPSS
CVE
CVE
added 2019/10/16 6:36 p.m.83 views

CVE-2019-15266

Cisco WLC Path Traversal (CVE-2019-15266) is a local directory-traversal vulnerability in the CLI that could let an authenticated, local attacker view restricted system files by exploiting improper sanitization of filenames in command-line parameters. Connected sources confirm the issue affects C...

4.4CVSS4.4AI score0.0065EPSS
CVE
CVE
added 2018/10/17 7:0 p.m.81 views

CVE-2018-0388

CVE-2018-0388 affects Cisco Wireless LAN Controller (WLC) software. The vulnerability is in the web-based interface where input is not properly validated, enabling an authenticated, remote attacker to perform a cross-site scripting (XSS) attack by convincing a user to click a crafted link. Succes...

4.8CVSS5AI score0.01015EPSS
CVE
CVE
added 2019/04/18 1:10 a.m.81 views

CVE-2019-1805

CVE-2019-1805 describes an SSH access vulnerability in Cisco Wireless LAN Controller (WLC) software. The issue stems from improper input/validation checks in the SSH server, allowing an unauthenticated, adjacent attacker to gain access to a CLI instance on affected devices. Connected advisory doc...

5.4CVSS4.6AI score0.00545EPSS
CVE
CVE
added 2012/03/01 1:0 a.m.79 views

CVE-2012-0368

CVE-2012-0368 affects Cisco Wireless LAN Controllers (WLC) where an unauthenticated remote attacker can cause a device crash by sending a malformed URL in HTTP requests to the WLC admin interface. The vulnerability is lifecycle-limited to affected software trains: 4.x, 5.x, 6.0, and 7.0 before 7....

7.8CVSS6.8AI score0.01318EPSS
CVE
CVE
added 2018/10/17 7:0 p.m.77 views

CVE-2018-0416

Cisco Wireless LAN Controller (WLC) Software contains an information-disclosure vulnerability in its web-based interface. Incomplete input/validation in URL requests allows unauthenticated remote attackers to view sensitive system information by requesting crafted URLs. The issue is confirmed acr...

5.3CVSS5.2AI score0.02507EPSS
CVE
CVE
added 2018/10/17 10:0 p.m.77 views

CVE-2018-0442

Cisco WLC CAPWAP memory leak (CVE-2018-0442) allows unauthenticated remote attackers to read device memory due to insufficient checks when handling CAPWAP keepalive requests. Affected product: Cisco Wireless LAN Controller software. Affected component: CAPWAP keepalive handling code. Root cause: ...

7.5CVSS7.4AI score0.03345EPSS
CVE
CVE
added 2020/09/24 5:50 p.m.76 views

CVE-2020-3560

Cisco Aironet Access Points are affected by CVE-2020-3560 due to improper resource management when processing certain UDP packets. An unauthenticated, remote attacker could leverage crafted UDP traffic to a specific port to cause a DoS, either by tearing down the AP–WLC connection or by forcing t...

8.6CVSS8.5AI score0.01415EPSS
CVE
CVE
added 2021/09/23 2:30 a.m.76 views

CVE-2021-1419

CVE-2021-1419 affects Cisco Access Points (APs) SSH management interface, where improper checking of file operations allows a local, authenticated user to modify files and potentially gain root privileges. The root cause is input/file operation validation within the SSH management feature. Affect...

7.8CVSS7.8AI score0.0021EPSS
CVE
CVE
added 2024/03/27 4:47 p.m.76 views

CVE-2024-20354

Summary: CVE-2024-20354 affects Cisco Aironet Access Point (AP) Software. The vulnerability stems from incomplete cleanup of resources when dropping certain malformed encrypted wireless frames, allowing an unauthenticated, adjacent attacker (wireless client) to cause degradation of service or a p...

7.4CVSS6.9AI score0.00292EPSS
CVE
CVE
added 2018/10/17 10:0 p.m.75 views

CVE-2018-0417

Cisco WLC GUI Privilege Escalation (CVE-2018-0417): A TACACS parsing flaw in Cisco Wireless LAN Controller Software GUI allows an authenticated, local attacker to create local admin accounts and run commands beyond CLI permissions. Root cause: improper parsing of a TACACS attribute in responses f...

7.8CVSS7.8AI score0.03163EPSS
CVE
CVE
added 2015/06/24 10:0 a.m.73 views

CVE-2015-4215

Cisco WLC IPv6 packet handling vulnerability (CVE-2015-4215) affects Cisco Wireless LAN Controller devices running software 7.5(102.0) and 7.6(1.62). The issue arises when forwarding IPv6 packets to a device not configured for IPv6, causing an unhandled exception that can crash the device. This i...

6.1CVSS7AI score0.01041EPSS
CVE
CVE
added 2012/12/19 11:0 a.m.72 views

CVE-2012-5992

CVE-2012-5992 affects Cisco Wireless LAN Controller (WLC) devices running software 7.2.110.0. Concrete details from connected documents describe multiple CSRF vulnerabilities that allow an attacker to hijack administrator authentication for requests such as adding administrative accounts (via scr...

6.8CVSS6.7AI score0.01784EPSS
CVE
CVE
added 2015/09/25 1:0 a.m.72 views

CVE-2015-6302

The CVE-2015-6302 issue affects Cisco Wireless LAN Controller (WLC) firmware specifically 7.0(250.0) and 7.0(252.0). The root cause is insufficient input validation in the RADIUS Disconnect-Request handling, enabling an unauthenticated, remote attacker to cause a partial denial-of-service by disc...

5CVSS7.2AI score0.02094EPSS
CVE
CVE
added 2021/03/24 8:20 p.m.72 views

CVE-2021-1423

CVE-2021-1423 describes a vulnerability in the CLI command handling of Cisco Aironet Access Points. An authenticated, local attacker can exploit insufficient input validation for a specific command to overwrite files in the device’s flash memory by issuing crafted arguments. The impact is the pot...

4.4CVSS4.7AI score0.0023EPSS
CVE
CVE
added 2017/03/15 8:0 p.m.71 views

CVE-2017-3854

The CVE-2017-3854 entry addresses a Cisco WLC mesh-impersonation vulnerability. Affected products run Cisco Wireless LAN Controller software in meshed mode (e.g., 8500/5500/2500 series, Flex 7500, vWLC, WiSM2). Root cause: insufficient authentication of the parent AP in a mesh configuration, enab...

8.8CVSS8.9AI score0.01394EPSS
CVE
CVE
added 2019/04/17 9:30 p.m.70 views

CVE-2018-0248

Cisco Wireless LAN Controller (WLC) GUI configuration vulnerability (CVE-2018-0248) could allow an authenticated remote attacker with admin credentials to trigger a device reload during GUI configuration, causing DoS. Root cause is incomplete input validation for unexpected configuration options ...

6.8CVSS6.1AI score0.02033EPSS
CVE
CVE
added 2013/01/24 9:0 p.m.69 views

CVE-2013-1104

The CVE-2013-1104 issue affects Cisco Wireless LAN Controllers (WLC) with software 7.3.101.0, where HTTP Profiling allows remote authenticated users to execute arbitrary code by sending a crafted HTTP User-Agent header (Remote Code Execution). Multiple public references confirm the HTTP Profiling...

9CVSS7.5AI score0.03727EPSS
CVE
CVE
added 2018/10/17 10:0 p.m.67 views

CVE-2018-0443

Cisco WLC CAPWAP DoS (CVE-2018-0443): A vulnerability in CAPWAP Discovery Request packet handling due to improper input validation can be exploited by an unauthenticated remote attacker to cause the WLC to disconnect associated APs, producing brief service outages. Affected: Cisco Wireless LAN Co...

8.6CVSS7.7AI score0.03381EPSS
CVE
CVE
added 2009/02/05 12:0 a.m.66 views

CVE-2009-0058

The CVE-2009-0058 issue affects Cisco Wireless LAN Controllers (WLCs), Cisco Catalyst 6500 WiSM modules, and Catalyst 3750 Integrated WLCs. The vulnerability exists in software versions 4.x prior to 4.2.176.0 and 5.x prior to 5.2, allowing remote attackers to cause a denial of service (web authen...

6.1CVSS7.2AI score0.0078EPSS
CVE
CVE
added 2015/05/16 2:0 p.m.66 views

CVE-2015-0726

CVE-2015-0726 affects Cisco Wireless LAN Controller (WLC) web administration interfaces. Affected releases include before 7.0.241, 7.1.x–7.4.x before 7.4.122, and 7.5.x–7.6.x before 7.6.120. The issue is caused by improper validation of certain form parameters, enabling an authenticated, remote a...

6.8CVSS6.5AI score0.02771EPSS
CVE
CVE
added 2017/11/02 4:0 p.m.66 views

CVE-2017-12278

CVE-2017-12278 affects Cisco Wireless LAN Controllers via a memory-leak in the SNMP subsystem that can exhaust memory and cause a reboot/DoS when an attacker who has SNMP credentials polls specific MIBs. Exploitation requires authenticated access (SNMP v2 read or SNMP v3 credentials); memory depl...

6.3CVSS6.5AI score0.01607EPSS
CVE
CVE
added 2019/04/18 1:15 a.m.66 views

CVE-2019-1830

CVE-2019-1830 describes a DoS vulnerability in the Cisco Wireless LAN Controller (WLC) related to Locally Significant Certificate (LSC) management. The issue stems from incorrect input validation of the HTTP URL used to reach the LSC Certificate Authority. An authenticated attacker with administr...

6.8CVSS5.1AI score0.01229EPSS
CVE
CVE
added 2012/12/19 11:0 a.m.65 views

CVE-2012-5991

CVE-2012-5991 affects Cisco Wireless LAN Controller 7.2.110.0. The issue arises from insufficient validation of user-supplied input to the WLC web interface (web_auth_custom.html), enabling remote authenticated users to cause a denial of service (device reload) via a crafted buttonClicked value i...

6.3CVSS6.3AI score0.05519EPSS
CVE
CVE
added 2015/08/22 5:0 p.m.65 views

CVE-2015-6258

The CVE-2015-6258 issue affects the Cisco Wireless LAN Controller (WLC) IAPP module (software 8.1(104.37)). A remote attacker can trigger incorrect traffic forwarding by sending crafted IPv6 packets to the WLC, due to improper IPv6 input validation, potentially causing traffic to be forwarded to ...

5CVSS7AI score0.01965EPSS
CVE
CVE
added 2019/04/18 12:45 a.m.65 views

CVE-2019-1796

CVE-2019-1796 affects Cisco Wireless LAN Controller (WLC) software due to improper validation of input in Inter-Access Point Protocol (IAPP) messages. An unauthenticated adjacent attacker can send malicious IAPP messages to trigger a reload of the WLC, causing a DoS. Affected software versions in...

7.4CVSS6.5AI score0.00646EPSS
CVE
CVE
added 2021/03/24 8:5 p.m.65 views

CVE-2021-1437

CVE-2021-1437 concerns the Cisco Aironet Series Access Points’ FlexConnect Upgrade feature. The root cause is an unrestricted TFTP configuration that enables an unauthenticated, remote attacker to disclose confidential information by requesting arbitrary files from the device filesystem. Affected...

7.5CVSS7.4AI score0.01494EPSS
CVE
CVE
added 2021/03/24 8:6 p.m.65 views

CVE-2021-1449

Cisco CVE-2021-1449 affects Cisco Access Points Software. A vulnerability in the boot logic allows an authenticated, local attacker to execute unsigned code at boot time by exploiting an improper startup check, requiring access to the device devshell. This could bypass software image verification...

6.7CVSS6.5AI score0.00265EPSS
CVE
CVE
added 2012/03/01 1:0 a.m.64 views

CVE-2012-0369

CVE-2012-0369 affects Cisco Wireless LAN Controller (WLC) devices running IOS-like software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0. The vulnerability allows unauthenticated remote attackers to cause a denial of service (device reload) by sending a sequence of ...

7.8CVSS6.9AI score0.01873EPSS
CVE
CVE
added 2012/03/01 1:0 a.m.64 views

CVE-2012-0371

CVE-2012-0371 affects Cisco Wireless LAN Controllers (WLCs) running 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4 where CPU-based ACLs are enabled. An unauthenticated remote attacker could read or modify the device configuration by connecting to TCP port 1023, enabling unauthorized access. Affected dev...

9.3CVSS6.9AI score0.01763EPSS
CVE
CVE
added 2014/03/06 11:0 a.m.64 views

CVE-2014-0703

Cisco WLC devices running 7.4 before 7.4.110.0 distribute Aironet IOS software that contains a race condition in the status of the administrative HTTP server. This allows remote attackers to bypass access restrictions by connecting to an Aironet AP where the server was disabled ineffectively. The...

10CVSS6.8AI score0.02016EPSS
CVE
CVE
added 2014/03/06 11:0 a.m.64 views

CVE-2014-0704

CVE-2014-0704 affects Cisco Wireless LAN Controller (WLC) IGMP handling. When IGMPv3 Snooping is enabled, a crafted field in an IGMPv3 message can trigger a memory over-read in the IGMP subsystem, causing a DoS via device restart. Affected releases include WLC 4.x, 5.x, 6.x, 7.0 before 7.0.250.0,...

7.1CVSS6.7AI score0.01178EPSS
CVE
CVE
added 2015/10/25 1:0 a.m.64 views

CVE-2015-6341

The CVE-2015-6341 issue affects Cisco Wireless LAN Controller (WLC) Web Management GUI. Vulnerable component: Web Management GUI; root cause: lack of access control allowing an unauthenticated, remote attacker to trigger client disconnections. Affected software versions include 7.4(140.0) and 8.0...

5CVSS6.9AI score0.01988EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.64 views

CVE-2016-1363

Cisco Wireless LAN Controller (WLC) Software 7.2–7.4 before 7.4.140.0(MD) and 7.5–8.0 before 8.0.115.0(ED) are affected by a buffer overflow in the HTTP redirection function. The vulnerability allows unauthenticated remote attackers to craft HTTP requests that could cause a buffer overflow, poten...

10CVSS9.8AI score0.05581EPSS
CVE
CVE
added 2018/05/02 10:0 p.m.64 views

CVE-2018-0245

The CVE-2018-0245 issue affects Cisco 5500 and 8500 Series Wireless LAN Controllers, where the REST API supports requests that may expose sensitive system information. Root cause: incomplete input validation in REST URL handling, enabling an unauthenticated, remote attacker to view system informa...

5.3CVSS5.3AI score0.02355EPSS
CVE
CVE
added 2016/01/15 2:0 a.m.63 views

CVE-2015-6314

CVE-2015-6314 affects Cisco Wireless LAN Controller (WLC) software: 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0. The vulnerability allows a remote, unauthenticated attacker to change device configuration via unspecified vectors, potentially leading to full compromise. Root cause is desc...

10CVSS9.4AI score0.02976EPSS
CVE
CVE
added 2017/11/02 4:0 p.m.63 views

CVE-2017-12275

Summary of evidence : CVE-2017-12275 is a vulnerability in Cisco Wireless LAN Controller (WLC) implementations of 802.11v BSS Transition Management. The issue arises from insufficient input validation of 802.11v BSS Transition Management Response packets received from wireless clients, allowing a...

7.4CVSS7.3AI score0.00708EPSS
CVE
CVE
added 2010/09/10 5:0 p.m.62 views

CVE-2010-0575

Cisco Wireless LAN Controller (WLC) software is affected by CVE-2010-0575, potentially on 6.0.x and on 4.1–6.0.x. The issue enables remote attackers to bypass ACLs in the controller CPU, allowing traffic to reach unintended segments or devices via unspecified vectors. The connected Red Hat and CV...

5CVSS7.1AI score0.01097EPSS
CVE
CVE
added 2012/03/01 1:0 a.m.62 views

CVE-2012-0370

CVE-2012-0370 affects Cisco Wireless LAN Controllers (WLC) with Cisco WLC software versions 4.x, 5.x, 6.0 and 7.0 before 7.0.220.0, and 7.1 before 7.1.91.0, when WebAuth is enabled. The WebAuth Denial of Service vulnerability allows an unauthenticated remote attacker to cause a device reload by s...

7.8CVSS6.9AI score0.01318EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.62 views

CVE-2016-1364

Cisco Wireless LAN Controller (WLC) Software is affected by CVE-2016-1364 due to a flaw in the Bonjour task manager that lets unauthenticated remote attackers cause a device reload via crafted Bonjour traffic. Affected versions are WLC 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110...

7.8CVSS7.4AI score0.01618EPSS
CVE
CVE
added 2016/09/12 1:0 a.m.62 views

CVE-2016-6375

CVE-2016-6375 affects Cisco Wireless LAN Controller (WLC) devices: before 8.0.140.0, 8.1.x, and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0. An unauthenticated, adjacent attacker can cause a DoS by sending crafted Inter-Access Point Protocol (IAPP) packets, followed by an SNMP TSM informat...

5.7CVSS5.3AI score0.00617EPSS
CVE
CVE
added 2017/04/06 6:0 p.m.62 views

CVE-2016-9219

Cisco WLC IPv6 UDP packet handling vulnerability (CVE-2016-9219) in Cisco Wireless LAN Controller software affects 8.2.121.0 and 8.3.102.0. The issue stems from incomplete IPv6 UDP header validation in the ingress path, allowing an unauthenticated, remote attacker to trigger an unexpected device ...

7.8CVSS7.5AI score0.03048EPSS
CVE
CVE
added 2018/05/02 10:0 p.m.62 views

CVE-2018-0252

CVE-2018-0252 affects Cisco Wireless LAN Controller software on the 3500/5500/8500 series. Root cause: corruption in an internal data structure during IPv4 fragment reassembly. Impact: unauthenticated remote attacker can trigger a device reload, causing DoS. Affected releases include all 8.4 vers...

8.6CVSS7.8AI score0.02516EPSS
CVE
CVE
added 2019/04/18 12:45 a.m.62 views

CVE-2019-1799

Cisco Wireless LAN Controller (WLC) Software is affected by CVE-2019-1799 due to improper validation of fields in Inter-Access Point Protocol (IAPP) messages, enabling an unauthenticated adjacent attacker to cause a DoS by forcing a reload. Affected releases include versions prior to 8.2.170.0, 8...

7.4CVSS6.5AI score0.00646EPSS
Total number of security vulnerabilities88