CVE-2016-6376

high-risk

Published 2016-09-02

The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet, aka Bug ID CSCuz40263.

Do I need to act?

-

0.30% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

6

CVSS 6.5/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (20)

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Wireless Lan Controller

Affected Vendors

Cisco

References (6)

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securityfocus.com/bid/92716

http://www.securitytracker.com/id/1036720

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securityfocus.com/bid/92716

http://www.securitytracker.com/id/1036720

52

/ 100

high-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 30/34 · Critical