Cisco has released software updates to patch several critical and high severity denial-of-service (DoS) vulnerabilities in the company’s Wireless LAN Controller (WLC) products.
The most serious of the flaws, rated critical, is an issue related to the HTTP URL redirect feature of WLC software. The vulnerability (CVE-2016-1363), caused by the improper handling of HTTP traffic, allows an unauthenticated attacker to remotely trigger a buffer overflow and cause affected devices to enter a DoS condition.
The security hole affects Cisco WLC software versions 7.2, 7.3, 7.4 releases prior to 7.4.140.0(MD), 7.5, 7.6, and 8.0 releases prior to 8.0.115.0(ED).
