CVE-2022-20769 – Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20769
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-mKGRrsCB • CWE-787: Out-of-bounds Write •
CVE-2017-3854
https://notcve.org/view.php?id=CVE-2017-3854
A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration. An attacker could exploit this vulnerability by forcing the target system to disconnect from the correct parent access point and reconnect to a rogue access point owned by the attacker. An exploit could allow the attacker to control the traffic flowing through the impacted access point or take full control of the target system. This vulnerability affects the following products running a vulnerable version of Wireless LAN Controller software and configured for meshed mode: Cisco 8500 Series Wireless Controller, Cisco 5500 Series Wireless Controller, Cisco 2500 Series Wireless Controller, Cisco Flex 7500 Series Wireless Controller, Cisco Virtual Wireless Controller, Wireless Services Module 2 (WiSM2). • http://www.securityfocus.com/bid/96911 http://www.securitytracker.com/id/1038041 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wlc-mesh • CWE-287: Improper Authentication •
CVE-2013-1235
https://notcve.org/view.php?id=CVE-2013-1235
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507. Cisco Wireless LAN Controller (WLC) no gestiona adecuadamente el consumo de recursos de las sesiones TELNET terminadas, lo que permite a atacantes remotos provocar una denegación de servicio haciendo muchas conexiones Telnet y acabando de forma inadecuada con las mismas, también conocido como Bug ID CSCug35507. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1235 •
CVE-2012-0369
https://notcve.org/view.php?id=CVE-2012-0369
Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reload) via a sequence of IPv6 packets, aka Bug ID CSCtt07949. Dispositivos Cisco Wireless LAN Controller (WLC) con software v6.0 y v7.0 anteriores a v7.0.220.0, 7.1 anteriores a v7.1.91.0, y v7.2 anteriores a v7.2.103.0 permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) a través de una secuencia de paquetes IPv6, también conocido como Bug ID CSCtt07949. • http://archives.neohapsis.com/archives/bugtraq/2012-02/0188.html http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc • CWE-399: Resource Management Errors •
CVE-2012-0370
https://notcve.org/view.php?id=CVE-2012-0370
Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2) HTTPS packets, aka Bug ID CSCtt47435. Dispositivos Cisco Wireless LAN Controller (WLC) con software 4v.x, v5.x, v6.0, y v7.0 anteriores a v7.0.220.0 y 7.1 anteriores a v7.1.91.0, cuando está activado WebAuth, permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) a través de una secuencia de paquetes (1) HTTP o (2) HTTPS, también conocido como Bug ID CSCtt47435. • http://archives.neohapsis.com/archives/bugtraq/2012-02/0188.html http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc • CWE-399: Resource Management Errors •