[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability
From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
Date: Wed, 20 Apr 2016 12:00:19 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface 
Denial of Service Vulnerability

Advisory ID: cisco-sa-20160420-wlc

Revision 1.0

For Public Release 2016 April 20 16:00  GMT (UTC)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the web-based management interface of Cisco Wireless LAN 
Controller (WLC) devices running Cisco AireOS Software could allow an 
unauthenticated, remote attacker to cause an affected device to reload, 
resulting in a denial of service (DoS) condition.

The vulnerability is due to the presence of unsupported URLs in the web-based 
device management interface provided by the affected software. An attacker 
could exploit this vulnerability by attempting to access a URL that is not 
generally accessible from and supported by the management interface. A 
successful exploit could allow the attacker to cause the device to reload, 
resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are 
no workarounds that address this vulnerability.

This advisory is available at the following link: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-wlc
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXF4vBAAoJEK89gD3EAJB5DyEQAOZXYD8FI8cLQMVasgCJ2rv5
K8kiwYTZ6RQj0PgdeTk4Ed6UMbi0iT0XYt8E8lo73TNCEm9mqN9nPCXX0Kxsa/06
+aK1yDgB+wxbbrvQ+JNDO6GHWzcjB98giv6lVN8dTDzO8nEP12q1EvV7xKREc7Tz
AJ2xTEOWgpTPEwDG0NxA5ihsxjtPRj52w1m0uxJladV1VFlvfGqmiA2NK7PdRUjz
+5FpbVNG/fBzJCkjQQPjyZViYsAPaeRQnQMfIUov6D7Ta0RYWe+qlSwjmfElR8Pb
BdeACjVsCEZ+YLrQgsyBXZ4MVf8+CL4VdC4M4vrRnxWqVatqdUqNVlsGrovyuVDh
PijWM0pmS/yk12M4KIpjPzPlwJbC9vs4s7qaJXaP+94YvtJwzGAuT9LrWohMExfJ
kQmmCn+Cy/TpX4qMzbN0i5+n+at9KPqHRdSHlnqCTY8eQkxOhY3vt6fbl1z5JkMh
vvq3C9nXC6cQ/Jat36MmXRI3Ky++CzZ1od9joRb1kRAijlM7ZF9hjC0cqsWNX9O1
4XXo4wZ/VaJRUWmSHTMsjY2Yk8ccq1bq8agkOQm+sSBvn36LVrjKpC7ZZEIavnwt
w9A+xLOoVMffa8QiUnLzKu9YuztfHmpWt9wsalhBwaAxeXtxNKKh8GUUtucDo6m0
fclgfYYNyMiUShiD48JD
=FKA2
-----END PGP SIGNATURE-----

Prev by Date: RCE via CSRF in phpMyFAQ
Next by Date: Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability
Previous by thread: RCE via CSRF in phpMyFAQ
Next by thread: Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability
Index(es):
- Date
- Thread