CVE-2016-6376

Name of the Vulnerable Software and Affected Versions Cisco Wireless LAN Controller (WLC) versions prior to 8.0.140.0 Cisco Wireless LAN Controller (WLC) versions 8.1.x Cisco Wireless LAN Controller (WLC) versions 8.2.x prior to 8.2.121.0 Cisco Wireless LAN Controller (WLC) versions 8.3.x prior to 8.3.102.0

Description The issue allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet. This is due to a lack of proper input validation of wIPS protocol packets. An attacker could exploit this by sending a malformed wIPS packet to the affected device, causing a denial of service condition when the wIPS process on the WLC unexpectedly restarts.

Recommendations For versions prior to 8.0.140.0, update to version 8.0.140.0 or later. For versions 8.1.x, update to version 8.2.121.0 or later. For versions 8.2.x prior to 8.2.121.0, update to version 8.2.121.0 or later. For versions 8.3.x prior to 8.3.102.0, update to version 8.3.102.0 or later.