CVE-2019-1800

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:37

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/108008 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/108008 - Third Party Advisory, VDB Entry
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp - Vendor Advisory

Information

Published : 2019-04-18 01:29

Updated : 2024-11-21 04:37


NVD link : CVE-2019-1800

Mitre link : CVE-2019-1800

CVE.ORG link : CVE-2019-1800


JSON object : View

Products Affected

cisco

  • wireless_lan_controller
  • wireless_lan_controller_software
CWE
CWE-399

Resource Management Errors

CWE-20

Improper Input Validation