PT-2015-3189 · Cisco · Cisco Wireless Lan Controller+1

Published: 2015-06-25 · Updated: 2016-12-28 · CVE-2015-4224

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Wireless LAN Controller versions 7.0(240.0)

Description

The issue allows local users to execute arbitrary OS commands in a privileged context via crafted CLI commands. This is due to insufficient input validation, which could enable an attacker to read, write, and overwrite any file on the system or execute arbitrary code. To exploit this, an attacker must authenticate and have local access to the targeted device.

Recommendations

For version 7.0(240.0), update to a newer version that includes the fix for this issue, as confirmed by Cisco. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2016-00559
CVE-2015-4224

Affected Products

Cisco Wireless Lan Controller
Cisco Wls