VIR Vulnerability Intelligence Relay

CVE-2016-9194

medium
Published 2017-04-06 · Modified 2026-05-13
CVSS v3
6.5
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v2
6.1
VIR risk
6.5

Description

A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353.

Predictions

Exploit likelihood
65%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc

Application impact
VendorProductVersionsFixed
ciscowireless_lan_controller5.2.157.0
ciscowireless_lan_controller5.2.169.0
ciscowireless_lan_controller6.0_base
ciscowireless_lan_controller7.0_base
ciscowireless_lan_controller7.1_base
ciscowireless_lan_controller7.2_base
ciscowireless_lan_controller7.3.101.0
ciscowireless_lan_controller7.3.103.8
ciscowireless_lan_controller7.3.112
ciscowireless_lan_controller7.3_base
ciscowireless_lan_controller7.4.1.1
ciscowireless_lan_controller7.4.100
ciscowireless_lan_controller7.4.100.60
ciscowireless_lan_controller7.4.110.0
ciscowireless_lan_controller7.4.121.0
ciscowireless_lan_controller7.4_base
ciscowireless_lan_controller7.5.102.0
ciscowireless_lan_controller7.5.102.11
ciscowireless_lan_controller7.5_base
ciscowireless_lan_controller7.6.1.62
ciscowireless_lan_controller7.6.100.0
ciscowireless_lan_controller7.6.110.0
ciscowireless_lan_controller7.6.120.0
ciscowireless_lan_controller7.6.130.0
ciscowireless_lan_controller8.0.0
ciscowireless_lan_controller8.0.0.30220.385
ciscowireless_lan_controller8.0.72.140
ciscowireless_lan_controller8.0.100
ciscowireless_lan_controller8.0.115.0
ciscowireless_lan_controller8.0.120.0
ciscowireless_lan_controller8.0.121.0
ciscowireless_lan_controller8.1.0
ciscowireless_lan_controller8.1.104.37
ciscowireless_lan_controller8.1.111.0
ciscowireless_lan_controller8.1.122.0
ciscowireless_lan_controller8.1.130.0
ciscowireless_lan_controller_6.0182.0
ciscowireless_lan_controller_6.0188.0
ciscowireless_lan_controller_6.0196.0
ciscowireless_lan_controller_6.0199.4
ciscowireless_lan_controller_6.0202.0
ciscowireless_lan_controller_7.098.0
ciscowireless_lan_controller_7.098.218
ciscowireless_lan_controller_7.0116.0
ciscowireless_lan_controller_7.0220.0
ciscowireless_lan_controller_7.0240.0
ciscowireless_lan_controller_7.0250.0
ciscowireless_lan_controller_7.0252.0
ciscowireless_lan_controller_7.191.0
ciscowireless_lan_controller_7.2103.0
ciscowireless_lan_controller_7.41.19
ciscowireless_lan_controller_7.41.54
ciscowireless_lan_controller_7.4140.0

References

CWEs

CWE-399

Verify integrity in audit chain (admin only). AS-IS.