Lucene search
K
CiscoWireless Lan Controller Software*

14 matches found

CVE
CVE
added 2024/03/27 5:5 p.m.152 views

CVE-2024-20271

CVE-2024-20271 affects Cisco Access Point Software. The issue is in IP packet processing, due to insufficient IPv4 packet input validation, allowing an unauthenticated, remote attacker to trigger a DoS by forcing a reload of the device. This can be exploited without AP association and cannot be t...

8.6CVSS7.1AI score0.00633EPSS
CVE
CVE
added 2023/03/23 12:0 a.m.109 views

CVE-2023-20097

Cisco's CVE-2023-20097 concerns command-injection in Cisco Access Points (AP) software. The issue arises from improper input validation of commands issued from the wireless controller to an AP, allowing an authenticated local attacker with Administrator CLI access to inject arbitrary commands and...

6.7CVSS5.7AI score0.00236EPSS
CVE
CVE
added 2023/09/27 5:22 p.m.100 views

CVE-2023-20268

Cisco CVE-2023-20268 affects Cisco Access Point (AP) software where the packet processing path can be abused by an unauthenticated, adjacent attacker sending specific wireless traffic to exhaust device resources. The vulnerability can disrupt CAPWAP tunnels and cause intermittent wireless client ...

4.7CVSS4.8AI score0.00236EPSS
CVE
CVE
added 2023/03/23 12:0 a.m.95 views

CVE-2023-20056

CVE-2023-20056 affects Cisco Access Point software management CLI. The issue stems from insufficient input validation of user commands, allowing an authenticated, local attacker to trigger a reload and DoS on the device. Exploitation details are not provided in the documents; no explicit affected...

6.5CVSS5.8AI score0.00257EPSS
CVE
CVE
added 2022/09/30 6:45 p.m.88 views

CVE-2022-20769

Cisco Wireless LAN Controller AireOS Software firmware with FIPS mode enabled is affected by CVE-2022-20769. The issue arises from insufficient error validation in the authentication function, allowing an unauthenticated, adjacent attacker to send crafted packets that crash the WLC and cause a Do...

7.4CVSS6.9AI score0.00489EPSS
CVE
CVE
added 2019/10/16 6:36 p.m.85 views

CVE-2019-15266

Cisco WLC Path Traversal (CVE-2019-15266) is a local directory-traversal vulnerability in the CLI that could let an authenticated, local attacker view restricted system files by exploiting improper sanitization of filenames in command-line parameters. Connected sources confirm the issue affects C...

4.4CVSS4.4AI score0.0065EPSS
CVE
CVE
added 2018/10/17 10:0 p.m.78 views

CVE-2018-0442

Cisco WLC CAPWAP memory leak (CVE-2018-0442) allows unauthenticated remote attackers to read device memory due to insufficient checks when handling CAPWAP keepalive requests. Affected product: Cisco Wireless LAN Controller software. Affected component: CAPWAP keepalive handling code. Root cause: ...

7.5CVSS7.4AI score0.03345EPSS
CVE
CVE
added 2018/10/17 10:0 p.m.76 views

CVE-2018-0417

Cisco WLC GUI Privilege Escalation (CVE-2018-0417): A TACACS parsing flaw in Cisco Wireless LAN Controller Software GUI allows an authenticated, local attacker to create local admin accounts and run commands beyond CLI permissions. Root cause: improper parsing of a TACACS attribute in responses f...

7.8CVSS7.8AI score0.03163EPSS
CVE
CVE
added 2020/09/24 5:50 p.m.76 views

CVE-2020-3560

Cisco Aironet Access Points are affected by CVE-2020-3560 due to improper resource management when processing certain UDP packets. An unauthenticated, remote attacker could leverage crafted UDP traffic to a specific port to cause a DoS, either by tearing down the AP–WLC connection or by forcing t...

8.6CVSS8.5AI score0.01415EPSS
CVE
CVE
added 2019/04/17 9:30 p.m.72 views

CVE-2018-0248

Cisco Wireless LAN Controller (WLC) GUI configuration vulnerability (CVE-2018-0248) could allow an authenticated remote attacker with admin credentials to trigger a device reload during GUI configuration, causing DoS. Root cause is incomplete input validation for unexpected configuration options ...

6.8CVSS6.1AI score0.02033EPSS
CVE
CVE
added 2021/03/24 8:20 p.m.72 views

CVE-2021-1423

CVE-2021-1423 describes a vulnerability in the CLI command handling of Cisco Aironet Access Points. An authenticated, local attacker can exploit insufficient input validation for a specific command to overwrite files in the device’s flash memory by issuing crafted arguments. The impact is the pot...

4.4CVSS4.7AI score0.0023EPSS
CVE
CVE
added 2019/04/18 1:15 a.m.67 views

CVE-2019-1830

CVE-2019-1830 describes a DoS vulnerability in the Cisco Wireless LAN Controller (WLC) related to Locally Significant Certificate (LSC) management. The issue stems from incorrect input validation of the HTTP URL used to reach the LSC Certificate Authority. An authenticated attacker with administr...

6.8CVSS5.1AI score0.01229EPSS
CVE
CVE
added 2021/03/24 8:6 p.m.66 views

CVE-2021-1449

Cisco CVE-2021-1449 affects Cisco Access Points Software. A vulnerability in the boot logic allows an authenticated, local attacker to execute unsigned code at boot time by exploiting an improper startup check, requiring access to the device devshell. This could bypass software image verification...

6.7CVSS6.5AI score0.00265EPSS
CVE
CVE
added 2019/04/18 1:5 a.m.58 views

CVE-2019-1797

Cisco Wireless LAN Controller (WLC) software contains a Cross-Site Request Forgery (CSRF) vulnerability in the web-based management interface. The issue arises from insufficient CSRF protections, allowing an unauthenticated attacker to lure a user into a crafted link and perform arbitrary actions...

8.8CVSS8.6AI score0.00744EPSS