CVE-2009-1166

Name of the Vulnerable Software and Affected Versions Cisco Wireless LAN Controller (WLC) platform versions 4.x through 4.2.204.0 Cisco Wireless LAN Controller (WLC) platform versions 5.x through 5.2.190.0

Description The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform allows remote attackers to cause a denial of service (device reload) via a crafted HTTP or HTTPS request. Multiple vulnerabilities exist in the Cisco Wireless LAN Controller platforms, including a malformed HTTP or HTTPS authentication response denial of service vulnerability, an SSH connections denial of service vulnerability, a crafted HTTP or HTTPS request denial of service vulnerability, and a crafted HTTP or HTTPS request unauthorized configuration modification vulnerability.

Recommendations For versions 4.x through 4.2.204.0, update to version 4.2.205.0 or later. For versions 5.x through 5.2.190.0, update to version 5.2.191.0 or later. As a temporary workaround, consider restricting access to the administrative web interface until a patch is available. Avoid using crafted HTTP or HTTPS requests in the affected API endpoints until the issue is resolved.