Cisco Wireless LAN Controller Software Directory Traversal Vulnerability

A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the targeted device, which may contain sensitive information.

N/A

对路径名的限制不恰当(路径遍历)

Cisco Wireless LAN Controller Software 路径遍历漏洞

Cisco Wireless LAN Controller（WLC）Software是美国思科（Cisco）公司的一套用于配置和管理WLC（无线局域网控制器）的软件。 Cisco WLC Software中的基于Web的界面存在安全漏洞，该漏洞源于程序没有正确的过滤用户提交的HTTP请求。远程攻击者可通过向指定文件地址提交路径利用该漏洞查看敏感信息。

N/A

N/A