Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Wireless_lan_controller_software
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 85 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-27 | CVE-2023-20268 | A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected... | Business_150ax_firmware, Business_151axm_firmware, Catalyst_9800_embedded_wireless_controller_firmware, Wireless_lan_controller_software | 4.7 | ||
| 2021-03-24 | CVE-2021-1437 | A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of... | Aironet_access_point_software, Catalyst_9800_firmware, Wireless_lan_controller_software | 7.5 | ||
| 2021-03-24 | CVE-2021-1449 | A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploit this vulnerability by modifying a specific file that is stored on the system, which would allow the attacker to bypass existing protections. A successful exploit could allow the attacker to execute... | Aironet_access_point_software, Catalyst_9800_firmware, Wireless_lan_controller_software | 6.7 | ||
| 2021-03-24 | CVE-2021-1423 | A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are... | Aironet_access_point_software, Catalyst_9800_firmware, Wireless_lan_controller_software | 4.4 | ||
| 2021-09-23 | CVE-2021-1419 | A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow... | 1100\-8p_firmware, 1120_firmware, 1160_firmware, Aironet_1542d_firmware, Aironet_1542i_firmware, Aironet_1562d_firmware, Aironet_1562e_firmware, Aironet_1562i_firmware, Aironet_1815i_firmware, Aironet_1815m_firmware, Aironet_1815t_firmware, Aironet_1815w_firmware, Aironet_1830e_firmware, Aironet_1830i_firmware, Aironet_1840i_firmware, Aironet_1850e_firmware, Aironet_1850i_firmware, Aironet_2800e_firmware, Aironet_2800i_firmware, Aironet_3800e_firmware, Aironet_3800i_firmware, Aironet_3800p_firmware, Aironet_4800_firmware, Catalyst_9105axi_firmware, Catalyst_9105axw_firmware, Catalyst_9115axe_firmware, Catalyst_9115axi_firmware, Catalyst_9117_firmware, Catalyst_9120axe_firmware, Catalyst_9120axi_firmware, Catalyst_9120axp_firmware, Catalyst_9124axd_firmware, Catalyst_9124axi_firmware, Catalyst_9130axe_firmware, Catalyst_9130axi_firmware, Catalyst_9800_firmware, Catalyst_iw6300_ac_firmware, Catalyst_iw6300_dc_firmware, Catalyst_iw6300_dcw_firmware, Esw6300_firmware, Wireless_lan_controller_software | 7.8 | ||
| 2022-09-30 | CVE-2022-20769 | A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS... | Wireless_lan_controller_software | 6.5 | ||
| 2023-03-23 | CVE-2023-20056 | A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to cause an affected device to reload... | Aironet_access_point_software, Ios_xe, Wireless_lan_controller_software | 5.5 | ||
| 2023-03-23 | CVE-2023-20097 | A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root... | Aironet_access_point_software, Ios_xe, Wireless_lan_controller_software | 6.7 | ||
| 2018-10-17 | CVE-2018-0417 | A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A... | Wireless_lan_controller, Wireless_lan_controller_software | 7.8 | ||
| 2018-10-17 | CVE-2018-0420 | A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the... | Wireless_lan_controller_software | 6.5 |