Executive Summary

Title: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability
Name: cisco-sa-20160420-wlc
First vendor Publication: 2016-04-20
Vendor: Cisco
Last vendor Modification: 2016-04-20
Severity (Vendor): N/A
Revision: 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score: 7.8
Attack Range: Network
Cvss Impact Score: 6.9
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required


A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) devices running Cisco AireOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to the presence of unsupported URLs in the web-based device management interface provided by the affected software. An attacker could exploit this vulnerability by attempting to access a URL that is not generally accessible from and supported by the management interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-wlc

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

CPE : Common Platform Enumeration

Os 4

Snort® IPS/IDS

Date Description
2016-04-21 Cisco WLAN Controller management interface denial of service attempt
RuleID : 38591 - Revision : 1 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2016-05-04 Name : The remote device is missing vendor-supplied security patches.
File : cisco-sa-20160420-htrd-bdos-wlc.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2016-05-05 13:30:52
  • Multiple Updates
2016-05-02 21:40:51
  • Multiple Updates
2016-04-20 21:25:41
  • First insertion