Vulnerability CVE-2009-0059


Published: 2009-02-04   Modified: 2012-02-13

Description:
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Cisco -> 4400 wireless lan controller 
Cisco -> Catalyst 3750 series integrated wireless lan controller 
Cisco -> Catalyst 6500 series integrated wireless lan controller 
Cisco -> Catalyst 7600 series wireless lan controller 
Cisco -> Wireless lan controller 
Cisco -> Wireless lan controller software 

 References:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml
http://www.securityfocus.com/bid/33608
http://www.securitytracker.com/id?1021679

Copyright 2024, cxsecurity.com

 

Back to Top