CVE-2009-1165

Name of the Vulnerable Software and Affected Versions Cisco Wireless LAN Controller versions 4.x before 4.2.205.0 Cisco Wireless LAN Controller versions 5.0 before 5.2.178.0 Cisco Wireless LAN Controller versions 5.1 before 5.1.163.0 Cisco Wireless LAN Controller versions 5.2 before 5.2.178.0

Description A memory leak issue in the Cisco Wireless LAN Controller platform allows remote attackers to cause a denial of service via SSH management connections, resulting in memory consumption and device reload. Additionally, multiple vulnerabilities exist, including malformed HTTP or HTTPS authentication response denial of service, SSH connections denial of service, crafted HTTP or HTTPS request denial of service, and crafted HTTP or HTTPS request unauthorized configuration modification.

Recommendations For versions 4.x before 4.2.205.0, update to version 4.2.205.0 or later. For versions 5.0 before 5.2.178.0, update to version 5.2.178.0 or later. For versions 5.1 before 5.1.163.0, update to version 5.1.163.0 or later. For versions 5.2 before 5.2.178.0, update to version 5.2.178.0 or later. As a temporary workaround, consider restricting SSH management connections to minimize the risk of exploitation.