CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0248 – Cisco Wireless LAN Controller Software GUI Configuration Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-0248
17 Apr 2019 — A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an aUTHENTICated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker would need to have valid administrator credentials on the device. This vulnerability is due to incomplete input validation for unexpected configuration options t... • http://www.securityfocus.com/bid/108009 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0417 – Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-0417
17 Oct 2018 — A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit coul... • http://www.securityfocus.com/bid/105667 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-0442 – Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-0442
17 Oct 2018 — A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles CAPWAP keepalive requests. An attacker could exploit this vulnerability by sending a crafted CAPWAP keepalive packet to a vuln... • http://www.securityfocus.com/bid/105664 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.7EPSS: 0%CPEs: 96EXPL: 0CVE-2016-6375
https://notcve.org/view.php?id=CVE-2016-6375
12 Sep 2016 — Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221. Dispositivos Cisco Wireless LAN Controller (WLC) en versiones anteriores a 8.0.140.0, 8.1.x y 8.2.x en versiones anteriores a 8.2.121.0 y 8.3.x en versiones ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-1 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0690
https://notcve.org/view.php?id=CVE-2015-0690
07 Apr 2015 — Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178. Vulnerabilidad de XSS en el sistema de ayuda de HTML en los dispositivos Cisco Wireless LAN Controller (WLC) anterior a 8.0 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada, también conocido como Bug ID CSCun95178. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38222 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 58EXPL: 0CVE-2013-1141
https://notcve.org/view.php?id=CVE-2013-1141
28 Feb 2013 — The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153. La funcionalidad mDNS snooping en Cisco Wireless LAN Controller (WLC) los dispositivos con software v7.4.1.54 y anteriores no gestionar adecuadamente buffers, lo que permite a usuarios remotos autenticados causar una denegación de... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1141 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 46EXPL: 0CVE-2010-0574
https://notcve.org/view.php?id=CVE-2010-0574
10 Sep 2010 — Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to cause a denial of service (device reload) via a crafted IKE packet, aka Bug ID CSCta56653. Vulnerabilidad no específica en Cisco Wireless LAN Controller (WLC), v3.2 anterior a v3.2.215.0; v4.1 y v4.2 anteriores a v4.2.205.0; v4.1M y v4.2M anteriores a v4.2.207.54... • http://tools.cisco.com/security/center/viewAlert.x?alertId=21287 •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2007-4011
https://notcve.org/view.php?id=CVE-2007-4011
26 Jul 2007 — Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841. Cisco 4100 y 4400, Airespace 4000, y Catalyst 6500 y... • http://secunia.com/advisories/26161 •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2007-4012
https://notcve.org/view.php?id=CVE-2007-4012
26 Jul 2007 — Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374. Cisco 4100 y 4400, Airespace 4000, y Catalyst 6500 y 3750 Wireless LAN Controller (WLC) software 4.1 versiones anteriores a 4.1.180.0, permiten a atacantes remotos provocar una denegación de servicio (tormenta ARP) mediante... • http://secunia.com/advisories/26161 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2007-2037
https://notcve.org/view.php?id=CVE-2007-2037
16 Apr 2007 — Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic. Cisco Wireless LAN Controller (WLC) anterior a 3.2.116.21, y 4.0.x anterior a 4.0.155.0, permite a atacantes remotos en una red local provocar una denegación de servicio (caída del dispositivo) mediante tráfico Ethernet mal formado. • http://securitytracker.com/id?1017908 • CWE-399: Resource Management Errors •