PT-2017-9991 · Cisco · Cisco Wireless LAN Controller

Published 2017-04-05 · Updated 2017-07-12 · CVE-2016-9195

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Cisco Wireless LAN Controller version 8.3.102.0

Description

A vulnerability in RADIUS Change of Authorization (CoA) request processing could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. The issue is due to a lack of proper input validation of the RADIUS CoA packet header. An attacker could exploit this by sending a crafted RADIUS CoA packet to a targeted device, causing a connection through the WLC to be disconnected unexpectedly.

Recommendations

For Cisco Wireless LAN Controller version 8.3.102.0, update to one of the following fixed releases: 8.4(1.49), 8.3(111.0), 8.3(108.0), 8.3(104.24), or 8.3(102.3).

Fix

DoS

Related Identifiers

CVE-2016-9195

Affected Products

Cisco Wireless LAN Controller
Cisco Wls