Multiple vulnerabilities in Cisco 5500 Series Wireless Controllers



Published: 2018-05-07
Risk: Low
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2018-0235, CVE-2018-0252, CVE-2018-0245, CVE-2018-0247
CWE-ID: CWE-20, CWE-399, CWE-200, CWE-287
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Cisco 5500 Series Wireless Controllers
Category: Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU12374

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0235

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows an adjacent unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the 802.11 frame validation functionality due to incomplete input validation of certain 802.11 management information element frames that an affected device receives from wireless clients. An adjacent attacker can send a specially crafted 802.11 management frame and cause the service to crash.

Mitigation

Update to versions 8.7(102.0), 8.7(1.35), 8.6(101.0), 8.6(1.132), 8.5(110.0) or 8.5(107.62).

Vulnerable software versions

Cisco 5500 Series Wireless Controllers: 8.6.1.106 - 8.6.1.114

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-mfdos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management errors

EUVDB-ID: #VU12375

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0252

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the IP Version 4 (IPv4) fragment reassembly function due to corruption of an internal data structure that occurs when the affected software reassembles certain IPv4 packets. A remote attacker can send specially crafted IPv4 fragments and cause the service to crash.

Mitigation

Update to versions 8.7(102.0), 8.7(1.68), 8.6(101.0), 8.6(1.135), 8.5(110.0) or 8.5(107.64).

Vulnerable software versions

Cisco 5500 Series Wireless Controllers: 8.4.100.0 - 8.6.1.108

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-ip


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU12376

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0245

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.

The weakness exists in the REST API due to incomplete input validation and checking mechanisms for REST API URL requests. A remote attacker can send a specially crafted URL to the REST API and gain access to potentially sensitive information.

Mitigation

Update to versions 8.8(1.4), 8.7(102.0), 8.7(1.124), 8.6(101.0), 8.6(1.181), 8.5(110.0), 8.5(107.110), 8.3(140.0) or 8.3(134.81).

Vulnerable software versions

Cisco 5500 Series Wireless Controllers: 8.3.133.0 - 8.5.105.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-id


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper authentication

EUVDB-ID: #VU12373

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0247

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows an adjacent unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An adjacent attacker can bypass authentication and pass traffic to local network resources without having gone through authentication.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Cisco 5500 Series Wireless Controllers: 8.3.104.105

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-auth


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
