Page 3 of 89 results (0.002 seconds)

CVSS: 8.6EPSS: 0%CPEs: 58EXPL: 0

A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.7EPSS: 1%CPEs: 1EXPL: 2

A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition. • https://www.exploit-db.com/exploits/47744 http://packetstormsecurity.com/files/155554/Cisco-WLC-2504-8.9-Denial-Of-Service.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos • CWE-20: Improper Input Validation •

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files that may contain sensitive information. Una vulnerabilidad en la CLI de Cisco Wireless LAN Controller (WLC) Software, podría permitir a un atacante local autenticado visualizar los archivos del sistema que deberían estar restringidos. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-wlc-pathtrav • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. The vulnerability is due to incorrect input validation of the HTTP URL used to establish a connection to the LSC Certificate Authority (CA). An attacker could exploit this vulnerability by authenticating to the targeted device and configuring a LSC certificate. An exploit could allow the attacker to cause a DoS condition due to an unexpected restart of the device. • http://www.securityfocus.com/bid/108028 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-cert-dos • CWE-20: Improper Input Validation •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input- and validation-checking mechanisms for inbound SSH connections on an affected device. An attacker could exploit this vulnerability by attempting to establish an SSH connection to an affected controller. An exploit could allow the attacker to access an affected device's CLI to potentially cause further attacks. This vulnerability has been fixed in version 8.5(140.0). • http://www.securityfocus.com/bid/108003 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-ssh • CWE-20: Improper Input Validation CWE-284: Improper Access Control •