CVE-2010-2841

Name of the Vulnerable Software and Affected Versions Cisco Wireless LAN Controller (WLC) software versions 4.2 before 4.2.209.0 Cisco Wireless LAN Controller (WLC) software versions 4.2M before 4.2.207.54M Cisco Wireless LAN Controller (WLC) software versions 5.0, 5.1, and 6.0 before 6.0.196.0 Cisco Wireless LAN Controller (WLC) software versions 5.2 before 5.2.193.11

Description The issue allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component. Additionally, there are multiple vulnerabilities, including denial of service, privilege escalation, and access control list bypass vulnerabilities. These vulnerabilities are independent of one another.

Recommendations For versions 4.2 before 4.2.209.0, update to version 4.2.209.0 or later. For versions 4.2M before 4.2.207.54M, update to version 4.2.207.54M or later. For versions 5.0, 5.1, and 6.0 before 6.0.196.0, update to version 6.0.196.0 or later. For versions 5.2 before 5.2.193.11, update to version 5.2.193.11 or later.