PT-2015-4802 · Cisco · Cisco Wireless Lan Controller+1

Published: 2015-03-26 · Updated: 2021-04-15 · CVE-2015-0679

CVSS v2.0: 6.1 Medium

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Cisco Wireless LAN Controller (WLC) versions 7.3(103.8) through 7.4(110.0)

Description: The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a malformed password. This issue is due to the improper handling of ill-formed passwords by the web authentication feature. An unauthenticated, adjacent attacker could exploit this vulnerability by submitting ill-formed passwords to an affected device, causing the device to crash and reload, resulting in a DoS condition. To exploit this vulnerability, an attacker must have access to the same broadcast or collision domain as the targeted device.

Recommendations: For versions 7.3(103.8) and 7.4(110.0), update to a newer version that includes the software updates released by Cisco to fix this issue. As a temporary workaround, consider restricting access to the web authentication feature to minimize the risk of exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2015-0679

Affected Products

Cisco Wireless Lan Controller
Cisco Wls