PT-2012-6218 · Cisco · Cisco Wireless Lan Controller

Published: 2012-12-13 · Updated: 2013-01-30 · CVE-2012-5991

CVSS v2.0: 6.3 (Medium)

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Wireless LAN Controller Software version 7.2.110.0

Description

The issue allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request. It is due to insufficient validation of user-supplied input to the affected software. An authenticated, remote attacker could exploit the issue by sending crafted HTTP GET requests to the targeted system, causing the vulnerable software to terminate abnormally and denying service to legitimate users. Only users who can authenticate to the affected software could exploit the issue, and affected systems typically have restricted access, limiting the potential for exploitation.

Recommendations

For Cisco Wireless LAN Controller Software version 7.2.110.0, as a temporary workaround, consider restricting access to the screens/base/web_auth_custom.html page until a patch is available. Additionally, restrict access to the internal webauth_type request to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Related identifiers

CVE-2012-5991

Affected products

Cisco Wireless Lan Controller
Cisco Wls