14 matches found
CVE-2024-20271
CVE-2024-20271 affects Cisco Access Point Software. The issue is in IP packet processing, due to insufficient IPv4 packet input validation, allowing an unauthenticated, remote attacker to trigger a DoS by forcing a reload of the device. This can be exploited without AP association and cannot be t...
CVE-2023-20097
Cisco's CVE-2023-20097 concerns command-injection in Cisco Access Points (AP) software. The issue arises from improper input validation of commands issued from the wireless controller to an AP, allowing an authenticated local attacker with Administrator CLI access to inject arbitrary commands and...
CVE-2023-20268
Cisco CVE-2023-20268 affects Cisco Access Point (AP) software where the packet processing path can be abused by an unauthenticated, adjacent attacker sending specific wireless traffic to exhaust device resources. The vulnerability can disrupt CAPWAP tunnels and cause intermittent wireless client ...
CVE-2023-20056
CVE-2023-20056 affects Cisco Access Point software management CLI. The issue stems from insufficient input validation of user commands, allowing an authenticated, local attacker to trigger a reload and DoS on the device. Exploitation details are not provided in the documents; no explicit affected...
CVE-2022-20769
Cisco Wireless LAN Controller AireOS Software firmware with FIPS mode enabled is affected by CVE-2022-20769. The issue arises from insufficient error validation in the authentication function, allowing an unauthenticated, adjacent attacker to send crafted packets that crash the WLC and cause a Do...
CVE-2019-15266
Cisco WLC Path Traversal (CVE-2019-15266) is a local directory-traversal vulnerability in the CLI that could let an authenticated, local attacker view restricted system files by exploiting improper sanitization of filenames in command-line parameters. Connected sources confirm the issue affects C...
CVE-2018-0442
Cisco WLC CAPWAP memory leak (CVE-2018-0442) allows unauthenticated remote attackers to read device memory due to insufficient checks when handling CAPWAP keepalive requests. Affected product: Cisco Wireless LAN Controller software. Affected component: CAPWAP keepalive handling code. Root cause: ...
CVE-2018-0417
Cisco WLC GUI Privilege Escalation (CVE-2018-0417): A TACACS parsing flaw in Cisco Wireless LAN Controller Software GUI allows an authenticated, local attacker to create local admin accounts and run commands beyond CLI permissions. Root cause: improper parsing of a TACACS attribute in responses f...
CVE-2020-3560
Cisco Aironet Access Points are affected by CVE-2020-3560 due to improper resource management when processing certain UDP packets. An unauthenticated, remote attacker could leverage crafted UDP traffic to a specific port to cause a DoS, either by tearing down the AP–WLC connection or by forcing t...
CVE-2018-0248
Cisco Wireless LAN Controller (WLC) GUI configuration vulnerability (CVE-2018-0248) could allow an authenticated remote attacker with admin credentials to trigger a device reload during GUI configuration, causing DoS. Root cause is incomplete input validation for unexpected configuration options ...
CVE-2021-1423
CVE-2021-1423 describes a vulnerability in the CLI command handling of Cisco Aironet Access Points. An authenticated, local attacker can exploit insufficient input validation for a specific command to overwrite files in the device’s flash memory by issuing crafted arguments. The impact is the pot...
CVE-2019-1830
CVE-2019-1830 describes a DoS vulnerability in the Cisco Wireless LAN Controller (WLC) related to Locally Significant Certificate (LSC) management. The issue stems from incorrect input validation of the HTTP URL used to reach the LSC Certificate Authority. An authenticated attacker with administr...
CVE-2021-1449
Cisco CVE-2021-1449 affects Cisco Access Points Software. A vulnerability in the boot logic allows an authenticated, local attacker to execute unsigned code at boot time by exploiting an improper startup check, requiring access to the device devshell. This could bypass software image verification...
CVE-2019-1797
Cisco Wireless LAN Controller (WLC) software contains a Cross-Site Request Forgery (CSRF) vulnerability in the web-based management interface. The issue arises from insufficient CSRF protections, allowing an unauthenticated attacker to lure a user into a crafted link and perform arbitrary actions...