CVE-2019-15262

A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is not properly deleted when an SSH connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly opening SSH connections to an affected device. A successful exploit could allow the attacker to exhaust system resources by initiating multiple SSH connections to the device that are not effectively terminated, which could result in a DoS condition.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:5520_wireless_lan_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:5520_wireless_lan_controller:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cisco:5508_wireless_lan_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:5508_wireless_lan_controller:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:28

Type Values Removed Values Added
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-wlc-ssh-dosĀ - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-wlc-ssh-dosĀ - Vendor Advisory

Information

Published : 2019-10-16 19:15

Updated : 2024-11-21 04:28


NVD link : CVE-2019-15262

Mitre link : CVE-2019-15262

CVE.ORG link : CVE-2019-15262


JSON object : View

Products Affected

cisco

  • 5520_wireless_lan_controller_firmware
  • 5520_wireless_lan_controller
  • 5508_wireless_lan_controller_firmware
  • 5508_wireless_lan_controller
CWE
CWE-20

Improper Input Validation

CWE-404

Improper Resource Shutdown or Release