A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) devices running Cisco AireOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to the presence of unsupported URLs in the web-based device management interface provided by the affected software.

An attacker could exploit this vulnerability by attempting to access a URL that is not generally accessible from and supported by the management interface.

A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability.

There is a workaround that addresses this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-wlc
A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) devices running Cisco AireOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to the presence of unsupported URLs in the web-based device management interface provided by the affected software.

An attacker could exploit this vulnerability by attempting to access a URL that is not generally accessible from and supported by the management interface.

A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability.

There is a workaround that addresses this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-wlc

Security Impact Rating: High

CVE: CVE-2016-1362