CVE-2019-1805

Name of the Vulnerable Software and Affected Versions Cisco Wireless LAN Controller (WLC) Software versions prior to 8.5(140.0)

Description A vulnerability in the Secure Shell (SSH) server implementation could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The issue is due to a lack of proper input- and validation-checking mechanisms for inbound SSH connections. An attacker could exploit this by attempting to establish an SSH connection to an affected controller, potentially allowing access to the device's CLI and enabling further attacks.

Recommendations For versions prior to 8.5(140.0), update to version 8.5(140.0) or later to resolve the issue. As a temporary workaround, consider restricting access to the SSH server implementation until a patch is applied.