PT-2016-1801 · Cisco · Cisco Wireless Lan Controller+1

Published: 2016-04-20 · Updated: 2021-04-26 · CVE-2016-1363

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Wireless LAN Controller Software versions 7.2 through 7.4 before 7.4.140.0(MD)
Cisco Wireless LAN Controller Software versions 7.5 through 8.0 before 8.0.115.0(ED)

Description

The issue is caused by a buffer overflow in the system redirection functionality. This can be exploited by a remote attacker using a specially crafted HTTP request, potentially allowing the execution of arbitrary code. The vulnerability is due to improper handling of HTTP traffic by the affected software. An attacker could exploit this by sending a crafted HTTP request to an affected device, potentially causing a buffer overflow condition, leading to a denial of service (DoS) condition or allowing the attacker to execute arbitrary code on the device.

Recommendations

For versions 7.2 through 7.4, update to version 7.4.140.0(MD) or later. For versions 7.5 through 8.0, update to version 8.0.115.0(ED) or later. As a temporary workaround, consider restricting access to the HTTP URL redirect feature until a patch is available. Avoid using the vulnerable HTTP URL redirect feature in the affected software until the issue is resolved.

Fix

RCE

DoS

Weakness Enumeration

Related Identifiers

BDU:2016-01133
CVE-2016-1363

Affected Products

Cisco Wireless Lan Controller
Cisco Wls