Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20090727-wlc)

critical Nessus Plugin ID 70123

Language:

Synopsis

The remote device is missing a vendor-supplied security update.

Description

The remote Cisco Wireless LAN Controller (WLC) is affected by one or more of the following vulnerabilities:

- Malformed HTTP or HTTPS authentication response Denial of Service (CVE-2009-1164)

- SSH connections Denial of Service (CVE-2009-1165)

- Crafted HTTP or HTTPS request Denial of Service (CVE-2009-1166)

- Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability (CVE-2009-1167)

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20090727-wlc.

Plugin Details

Severity: Critical

ID: 70123

File Name: cisco-sa-20090727-wlc.nasl

Version: 1.9

Type: combined

Family: CISCO

Published: 9/25/2013

Updated: 8/20/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:cisco:wireless_lan_controller_software, cpe:/h:cisco:wireless_lan_controller

Required KB Items: Host/Cisco/WLC/Version, Host/Cisco/WLC/Port

Exploit Ease: No known exploits are available

Patch Publication Date: 7/27/2009

Vulnerability Publication Date: 7/27/2009

Reference Information

CVE: CVE-2009-1164, CVE-2009-1165, CVE-2009-1166, CVE-2009-1167

BID: 35805, 35817, 35818, 35819

CWE: 399

CISCO-SA: cisco-sa-20090727-wlc

CISCO-BUG-ID: CSCsw40789, CSCsy27708, CSCsy44672, CSXsx03715

Detections

Analytics