CVE-2016-6375

moderate-risk

Published 2016-09-12

Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221.

Do I need to act?

-

0.28% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

5

CVSS 5.3/10 Medium

ADJACENT_NETWORK / HIGH complexity

Affected Products (20)

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Wireless Lan Controller Software

Affected Vendors

Cisco

References (6)

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securityfocus.com/bid/92712

http://www.securitytracker.com/id/1036721

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securityfocus.com/bid/92712

http://www.securitytracker.com/id/1036721

45

/ 100

moderate-risk

Severity 14/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 30/34 · Critical