A vulnerability in the Web Management GUI of the Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to trigger client disconnection.

The vulnerability is due to a lack of access control to the WLC Web Management GUI. An attacker could exploit this vulnerability by connecting to the IP address of the WLC and triggering client disconnections. The attacker must reach the WLC management IP address on port 80 using its wired interface.

Cisco has not released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-wlc

Leave a Reply