Security Affairs
Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cisco Wireless LAN Controller affected by severe flaws. Patch it now

Cisco has released a series of security updates to fix several vulnerabilities in the CISCO Wireless LAN Controller (WLC) products. Cisco has released security updates to fix several vulnerabilities in the Wireless LAN Controller (WLC) products. The Cisco Wireless LAN Controllers allow organizations to centrally manage, secure, and configure access points throughout their network infrastructure. […]

Cisco Wireless LAN Controller

Cisco has released a series of security updates to fix several vulnerabilities in the CISCO Wireless LAN Controller (WLC) products.

Cisco has released security updates to fix several vulnerabilities in the Wireless LAN Controller (WLC) products. The Cisco Wireless LAN Controllers allow organizations to centrally manage, secure, and configure access points throughout their network infrastructure.

The HTTP Parsing Denial of Service Vulnerability (CVE-2016-1363) affection the Wireless LAN Controller could be exploited by a remote unauthenticated attacker to cause a buffer overflow and cause a DoS.

“A vulnerability in the HTTP URL redirect feature of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition.” states the security advisory.

The flaw, rated as “critical” by CISCO, is caused by the improper handling of HTTP traffic and it affects WLC software versions 7.2, 7.3, 7.4 releases prior to 7.4.140.0(MD), 7.5, 7.6, and 8.0 releases prior to 8.0.115.0(ED).

Another DoS vulnerability (CVE-2016-1364) affects the Cisco Wireless LAN Controller and resides in the Bonjour task manager. An attacker can exploit it by sending specially crafted Bonjour traffic to a vulnerable device.

CISCO Wireless LAN Controller

The flaw is rated as “high” and affects the CISCO  Wireless LAN Controller software versions 7.4 prior to 7.4.130.0(MD), 7.5, 7.6, and 8.0 releases prior to 8.0.110.0(ED).

“A vulnerability in the Bonjour task manager of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.”

A third flaw, rated as “high,” is affecting the Cisco Wireless LAN Controller is the CVE-2016-1362 and exists in the web-based management interface of devices running the AireOS software. A remote attacker can trigger the device reload by accessing a URL that is not supported by the management interface. Cisco WLC devices that are running AireOS releases 4.1 through 7.4.120.0, all 7.5 releases, and release 7.6.100.0 are affected.

“A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) devices running Cisco AireOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.” states the advisory.

Don’t waste time, apply the free software updates released by CISCO.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Cisco Wireless LAN Controller, security)