The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of WLC

vulnerability note CVE-2015-4224

Cisco Wireless Controller: code execution via command-line interface

Synthesis of the vulnerability

An attacker can inject host shell commands into the command-line interface of Cisco Wireless Controller, in order to execute code.
Impacted products: Cisco Wireless Controller.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 26/06/2015.
Identifiers: 39517, CVE-2015-4224, VIGILANCE-VUL-17244.

Description of the vulnerability

The Cisco Wireless Controller product offers a command line interface for management.

However, the parser does not suitably validate its input. One can insert commands for the host shell into commands for the product. (Filenames are a possible candidate for the injection path.)

An attacker can therefore inject host shell commands into the command-line interface of Cisco Wireless Controller, in order to execute code.

computer vulnerability note CVE-2015-4215

Cisco Wireless LAN Controller: denial of service via IPv6

Synthesis of the vulnerability

An attacker can send a malicious IPv6 packet to Cisco Wireless LAN Controller, in order to trigger a denial of service.
Impacted products: Cisco Wireless Controller.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 24/06/2015.
Identifiers: 39472, CVE-2015-4215, VIGILANCE-VUL-17219.

Description of the vulnerability

The Cisco Wireless LAN Controller product has a service to manage received IPv6 packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious IPv6 packet to Cisco Wireless LAN Controller, in order to trigger a denial of service.

computer vulnerability alert CVE-2015-0756

Cisco Wireless LAN Controller: denial of service via TCP

Synthesis of the vulnerability

An attacker can send a malicious TCP packet to Cisco Wireless LAN Controller, in order to trigger a denial of service.
Impacted products: Cisco Wireless Controller.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 28/05/2015.
Identifiers: 39041, CSCug67104, CVE-2015-0756, VIGILANCE-VUL-17006.

Description of the vulnerability

The Cisco Wireless LAN Controller product has a service to manage received TCP packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious TCP packet to Cisco Wireless LAN Controller, in order to trigger a denial of service.

computer vulnerability CVE-2015-0723

Cisco Wireless LAN Controller: denial of service

Synthesis of the vulnerability

An attacker can send malicious data to Cisco Wireless LAN Controller, in order to trigger a denial of service.
Impacted products: Cisco Wireless Controller.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 11/05/2015.
Identifiers: 38749, CSCum03269, CVE-2015-0723, VIGILANCE-VUL-16865.

Description of the vulnerability

The Cisco Wireless LAN Controller product offers a web service.

However, an unauthenticated attacker can use a special parameter value, in order to stop the web service.

An attacker can therefore send malicious data to Cisco Wireless LAN Controller, in order to trigger a denial of service.
