Vulnerabilities > Cisco > Wireless LAN Controller Software
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-16 | CVE-2019-15266 | Path Traversal vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. | 4.4 |
| 2019-04-18 | CVE-2019-1830 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. | 4.9 |
| 2019-04-18 | CVE-2019-1805 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software 8.3(141.0) A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. | 4.3 |
| 2019-04-18 | CVE-2019-1800 | Improper Input Validation vulnerability in Cisco products A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. | 6.5 |
| 2019-04-18 | CVE-2019-1799 | Improper Input Validation vulnerability in Cisco products A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. | 6.5 |
| 2019-04-18 | CVE-2019-1797 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on the device with the privileges of the user, including modifying the device configuration. | 8.8 |
| 2019-04-18 | CVE-2019-1796 | Improper Input Validation vulnerability in Cisco products A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. | 6.5 |
| 2019-04-17 | CVE-2018-0382 | Improper Authentication vulnerability in Cisco Wireless LAN Controller Software 8.1(111.0)/8.5(120.0) A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. | 7.5 |
| 2019-04-17 | CVE-2018-0248 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an aUTHENTICated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. | 4.9 |
| 2018-10-17 | CVE-2018-0443 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software 8.2(151.0) A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.5 |