The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco Wireless LAN Controller

computer vulnerability alert CVE-2018-0235

Cisco WLC: denial of service via 802.11 Management Frame

Synthesis of the vulnerability

An attacker can send malicious 802.11 Management Frame packets to Cisco WLC, in order to trigger a denial of service.
Impacted products: Cisco Wireless Controller.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: radio connection.
Creation date: 03/05/2018.
Identifiers: CERTFR-2018-AVI-211, cisco-sa-20180502-wlc-mfdos, CSCvg07024, CVE-2018-0235, VIGILANCE-VUL-26036.

Description of the vulnerability

An attacker can send malicious 802.11 Management Frame packets to Cisco WLC, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-0252

Cisco WLC: denial of service via IP Fragment Reassembly

Synthesis of the vulnerability

An attacker can generate a fatal error via IP Fragment Reassembly of Cisco WLC, in order to trigger a denial of service.
Impacted products: Cisco Wireless Controller.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 03/05/2018.
Identifiers: CERTFR-2018-AVI-211, cisco-sa-20180502-wlc-ip, CSCvf89222, CVE-2018-0252, VIGILANCE-VUL-26035.

Description of the vulnerability

An attacker can generate a fatal error via IP Fragment Reassembly of Cisco WLC, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-0245

Cisco WLC: information disclosure via REST API

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via REST API of Cisco WLC, in order to obtain sensitive information.
Impacted products: Cisco Wireless Controller.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 03/05/2018.
Identifiers: CERTFR-2018-AVI-211, cisco-sa-20180502-wlc-id, CSCvg89442, CVE-2018-0245, VIGILANCE-VUL-26034.

Description of the vulnerability

An attacker can bypass access restrictions to data via REST API of Cisco WLC, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-0247

Cisco Aironet/WLC: privilege escalation via WebAuth

Synthesis of the vulnerability

An attacker can bypass restrictions via WebAuth of Cisco Aironet/WLC, in order to escalate his privileges.
Impacted products: Cisco Aironet, Cisco Wireless Controller.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: radio connection.
Creation date: 03/05/2018.
Identifiers: CERTFR-2018-AVI-211, cisco-sa-20180502-aironet-auth, CSCvc79502, CSCvf71789, CVE-2018-0247, VIGILANCE-VUL-26028.

Description of the vulnerability

An attacker can bypass restrictions via WebAuth of Cisco Aironet/WLC, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 25913

Cisco Wireless LAN Controller: privilege escalation via Default SNMP Community Strings

Synthesis of the vulnerability

An attacker can bypass restrictions via Default SNMP Community Strings of Cisco Wireless LAN Controller, in order to escalate his privileges.
Impacted products: Cisco Wireless Controller.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 19/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-wlc, CSCsy55815, CSCug57136, VIGILANCE-VUL-25913.

Description of the vulnerability

An attacker can bypass restrictions via Default SNMP Community Strings of Cisco Wireless LAN Controller, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-12280

Cisco Wireless LAN Controller: denial of service via CAPWAP

Synthesis of the vulnerability

An attacker can send malicious CAPWAP packets to Cisco Wireless LAN Controller, in order to trigger a denial of service.
Impacted products: Cisco Wireless Controller.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-389, cisco-sa-20171101-wlc3, CSCvb95842, CVE-2017-12280, VIGILANCE-VUL-24287.

Description of the vulnerability

An attacker can send malicious CAPWAP packets to Cisco Wireless LAN Controller, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-12282

Cisco Wireless LAN Controller: denial of service via ANQP

Synthesis of the vulnerability

An attacker can send malicious ANQP packets to Cisco Wireless LAN Controller, in order to trigger a denial of service.
Impacted products: Cisco Wireless Controller.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: radio connection.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-389, cisco-sa-20171101-wlc4, CSCve05779, CVE-2017-12282, VIGILANCE-VUL-24286.

Description of the vulnerability

An attacker can send malicious ANQP packets to Cisco Wireless LAN Controller, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-12278

Cisco Wireless LAN Controller: denial of service via SNMP

Synthesis of the vulnerability

An attacker can send malicious SNMP packets to Cisco Wireless LAN Controller, in order to trigger a denial of service.
Impacted products: Cisco Wireless Controller.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-389, cisco-sa-20171101-wlc1, CSCvc71674, CVE-2017-12278, VIGILANCE-VUL-24282.

Description of the vulnerability

An attacker can send malicious SNMP packets to Cisco Wireless LAN Controller, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-12275

Cisco Wireless LAN Controller: denial of service via 802.11v BSS Transition Management Response

Synthesis of the vulnerability

An attacker can send malicious 802.11v BSS Transition Management Response packets to Cisco Wireless LAN Controller, in order to trigger a denial of service.
Impacted products: Cisco Wireless Controller.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: radio connection.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-389, cisco-sa-20171101-wlc2, CSCvb57803, CVE-2017-12275, VIGILANCE-VUL-24281.

Description of the vulnerability

An attacker can send malicious 802.11v BSS Transition Management Response packets to Cisco Wireless LAN Controller, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-9195

Cisco Wireless LAN Controller: denial of service via RADIUS CoA

Synthesis of the vulnerability

An attacker can send malicious RADIUS CoA packets to Cisco Wireless LAN Controller, in order to trigger a denial of service.
Impacted products: Cisco Wireless Controller.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 06/04/2017.
Identifiers: cisco-sa-20170405-wlc1, CVE-2016-9195, VIGILANCE-VUL-22364.

Description of the vulnerability

The Cisco Wireless LAN Controller product includes a RADIUS service.

However, when malicious RADIUS CoA packets are received, a fatal error occurs.

An attacker can therefore send malicious RADIUS CoA packets to Cisco Wireless LAN Controller, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco Wireless LAN Controller: