PT-2017-2995 · Cisco · Cisco IOS XE
Published 2017-09-27 · Updated 2019-10-09 · CVE-2017-12226
CVSS v2.0: 9.0 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco IOS XE Software versions 3.7.0E through 3.7.5E
Description
The vulnerability stems from insufficient validation of HTTP requests by the web-based GUI of Cisco IOS XE Software for Wireless LAN Controllers. A remote attacker who is already authenticated as a Lobby Administrator could elevate their privileges and gain full control of the device by changing the GUI connection state or protocol.
Recommendations
For versions 3.7.0E through 3.7.5E, no newer release containing a fix for this vulnerability is known. As a temporary workaround, restrict access to the Wireless Controller GUI to reduce the risk of exploitation, and avoid using the GUI connection as a Lobby Administrator until the issue is resolved.
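One way to apply the "restrict access to the GUI" workaround, as an added configuration example that is not part of this advisory or of Cisco's guidance: limit the controller's embedded web server to a management subnet with a standard ACL. The ACL number and subnet are constructed placeholders, and availability of `ip http access-class` on a given 3.7E release is an assumption to verify.

```text
! Added example (not from the advisory): restrict the WLC web GUI to a
! management subnet. ACL 10 and 192.0.2.0/24 are constructed placeholders.
! "ip http access-class" is a long-standing Cisco IOS command; confirm it
! is accepted on your IOS XE 3.7E image before relying on it.
access-list 10 remark Management hosts allowed to reach the web GUI
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny   any log
!
! Serve the GUI over HTTPS only and bind the ACL to the web server.
no ip http server
ip http secure-server
ip http access-class 10
```

Confirm the result with `show ip http server status`, and review which accounts hold the Lobby Administrator role while the workaround is in place.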
RCE
Related Identifiers
Affected Products
Cisco IOS XE