Command Injection Vulnerability in Cisco Wireless LAN Controller
CVE-2015-4224

Currently unrated

Key Information:

Vendor: Cisco
Status: Wireless Lan Controller Software
Vendor: CVE Published:; 26 June 2015

Summary

Certain Cisco Wireless LAN Controller (WLC) devices running software version 7.0(240.0) have a command injection vulnerability that allows local users to execute arbitrary operating system commands with elevated privileges. This issue arises when crafted commands are sent through the command-line interface (CLI), potentially leading to unauthorized actions on the device. Affected users are encouraged to consult Cisco's guidance for proper mitigation strategies.

References

http://www.securityfocus.com/bid/75415

vdb-entryx_refsource_BID

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1032728

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jun 26, 2015
Vulnerability Reserved
Jun 4, 2015