Customers may only install and expect support for software versions and feature sets for which they have purchased a license. This advisory is available at the following link:Ĭisco has released free software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.Ĭisco has released software updates that address this vulnerability. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. ![]() The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
0 Comments
Leave a Reply. |