Vulnerability Details : CVE-2016-1363
Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and 7.5 through 8.0 before 8.0.115.0(ED) allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCus25617.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2016-1363
- Cisco » Wireless Lan Controller Software. Versions from including (>=) 7.5.0 and before (<) 8.0.115.0. cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*
- Cisco » Wireless Lan Controller Software. Versions from including (>=) 7.2.0 and before (<) 7.4.140.0. cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1363
- 0.92%: Probability of exploitation activity in the next 30 days
- ~ 81 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1363
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-1363
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1363
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-htrd
  Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability (Vendor Advisory)
- http://www.securitytracker.com/id/1035633
  Cisco Wireless LAN Controller HTTP URL Redirect Buffer Overflow Lets Remote Users Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)