Cisco Wireless Lan Controller Software — known CVE vulnerabilities
Every CVE whose affected-product data names Cisco Wireless Lan Controller Software, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (88)
CVE-2007-2036 — CVSS 10.0 (critical): The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the…
CVE-2014-0703 — CVSS 10.0 (critical): Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the…
CVE-2015-6314 — CVSS 9.8 (critical): Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to…
CVE-2016-1363 — CVSS 9.8 (critical): Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and…
CVE-2012-0371 — CVSS 9.3 (critical): Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow…
CVE-2013-1105 — CVSS 9.0 (critical): Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0…
CVE-2010-2842 — CVSS 9.0 (critical): Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access…
CVE-2013-1104 — CVSS 9.0 (critical): The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users…
CVE-2010-3033 — CVSS 9.0 (critical): Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access…
CVE-2010-2843 — CVSS 9.0 (critical): Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access…
CVE-2009-0062 — CVSS 9.0 (critical): Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco…
CVE-2017-3854 — CVSS 8.8 (high): A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to…
CVE-2019-1797 — CVSS 8.8 (high): A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated…
CVE-2018-0252 — CVSS 8.6 (high): A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller…
CVE-2024-20271 — CVSS 8.6 (high): A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a…
CVE-2020-3560 — CVSS 8.6 (high): A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on…
CVE-2009-0059 — CVSS 7.8 (high): The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless…
CVE-2009-0061 — CVSS 7.8 (high): Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless…
CVE-2010-0574 — CVSS 7.8 (high): Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M…
CVE-2021-1419 — CVSS 7.8 (high): A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to…
CVE-2011-1613 — CVSS 7.8 (high): Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before…
CVE-2012-0368 — CVSS 7.8 (high): The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before…
CVE-2012-0369 — CVSS 7.8 (high): Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow…
CVE-2012-0370 — CVSS 7.8 (high): Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is…
CVE-2013-1102 — CVSS 7.8 (high): The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before…
CVE-2013-1103 — CVSS 7.8 (high): Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote…
CVE-2014-0701 — CVSS 7.8 (high): Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory…
CVE-2014-0706 — CVSS 7.8 (high): Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of…
CVE-2014-0707 — CVSS 7.8 (high): Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device…
CVE-2018-0417 — CVSS 7.8 (high): A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to…
CVE-2018-0442 — CVSS 7.5 (high): A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller…
CVE-2018-0443 — CVSS 7.5 (high): A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller…
CVE-2021-1437 — CVSS 7.5 (high): A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote…
CVE-2016-9219 — CVSS 7.5 (high): A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated…
CVE-2017-12280 — CVSS 7.5 (high): A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco…
CVE-2016-1364 — CVSS 7.5 (high): Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to…
CVE-2022-20769 — CVSS 7.4 (high): A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated…
CVE-2018-0235 — CVSS 7.4 (high): A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated…
CVE-2017-12275 — CVSS 7.4 (high): A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN…
CVE-2015-4224 — CVSS 7.2 (high): Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged…
CVE-2014-0705 — CVSS 7.1 (high): The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when…
CVE-2007-4012 — CVSS 7.1 (high): Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote…
CVE-2014-0704 — CVSS 7.1 (high): The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3…
CVE-2007-4011 — CVSS 7.1 (high): Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before…
CVE-2012-5992 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow…
CVE-2015-0726 — CVSS 6.8 (medium): The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and…
CVE-2018-0248 — CVSS 6.8 (medium): A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an…
CVE-2010-2841 — CVSS 6.8 (medium): Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0…
CVE-2021-1449 — CVSS 6.7 (medium): A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at…
CVE-2019-1796 — CVSS 6.5 (medium): A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow…
CVE-2019-15276 — CVSS 6.5 (medium): A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker…
CVE-2019-1799 — CVSS 6.5 (medium): A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow…
CVE-2018-0420 — CVSS 6.5 (medium): A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view…
CVE-2023-20056 — CVSS 6.5 (medium): A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of…
CVE-2016-1460 — CVSS 6.5 (medium): Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted…
CVE-2019-1800 — CVSS 6.5 (medium): A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow…
CVE-2012-5991 — CVSS 6.3 (medium): screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users…
CVE-2017-12278 — CVSS 6.3 (medium): A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated…
CVE-2007-2040 — CVSS 6.2 (medium): Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded…
CVE-2015-0679 — CVSS 6.1 (medium): The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to…
CVE-2013-1141 — CVSS 6.1 (medium): The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage…
CVE-2009-0058 — CVSS 6.1 (medium): The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless…
CVE-2015-0723 — CVSS 6.1 (medium): The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote…
CVE-2017-12282 — CVSS 6.1 (medium): A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could…
CVE-2007-2039 — CVSS 6.1 (medium): The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows…
CVE-2015-4215 — CVSS 6.1 (medium): Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service…
CVE-2018-15395 — CVSS 5.4 (medium): A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an…
CVE-2018-0382 — CVSS 5.3 (medium): A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC)…
CVE-2018-0416 — CVSS 5.3 (medium): A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker…
CVE-2016-6375 — CVSS 5.3 (medium): Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote…
CVE-2018-0245 — CVSS 5.3 (medium): A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote…
CVE-2010-0575 — CVSS 5.0 (medium): Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the…
CVE-2015-6341 — CVSS 5.0 (medium): The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to…
CVE-2015-6302 — CVSS 5.0 (medium): The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to…
CVE-2015-6258 — CVSS 5.0 (medium): The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote…
CVE-2010-3034 — CVSS 5.0 (medium): Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the…
CVE-2019-1830 — CVSS 4.9 (medium): A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an…
CVE-2018-0388 — CVSS 4.8 (medium): A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to…
CVE-2024-20354 — CVSS 4.7 (medium): A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated…
CVE-2023-20268 — CVSS 4.7 (medium): A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent…
CVE-2018-0247 — CVSS 4.7 (medium): A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco…
CVE-2023-20097 — CVSS 4.6 (medium): A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute…
CVE-2019-15266 — CVSS 4.4 (medium): A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system…
CVE-2021-1423 — CVSS 4.4 (medium): A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to…
CVE-2015-0690 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote…
CVE-2019-1805 — CVSS 4.3 (medium): A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller…
CVE-2012-6007 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software…
CVE-2007-2037 — CVSS 2.9 (low): Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a…