Risk | Low |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2018-0420, CVE-2018-0416, CVE-2018-0417, CVE-2018-0442, CVE-2018-0443, CVE-2018-15395, CVE-2018-0388 |
CWE-ID | CWE-22, CWE-200, CWE-264, CWE-79 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Cisco Wireless LAN Controller (Hardware solutions / Firmware) |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU15408
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0420
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description:
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.
The weakness exists in the web-based interface of Cisco Wireless LAN Controller Software due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. A remote attacker can use directory traversal techniques to submit a path to a desired file location and view system files on the targeted device, which may contain sensitive information.
Mitigation:
The vulnerability has been addressed in versions 8.7(102.0), 8.7(1.11), 8.6(101.0), 8.6(1.98), 8.5(110.0), 8.5(107.54), 8.3(140.0), 8.3(134.89), 8.2(170.0), 8.2(167.208), 8.2(167.8).
Vulnerable software versions:
Cisco Wireless LAN Controller: 8.2.151.0
External links:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15409
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0416
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description:
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists in the web-based interface of Cisco Wireless LAN Controller Software due to incomplete input and validation checking mechanisms in the web-based interface URL request. A remote attacker can request specific URLs via the web-based interface and view sensitive system information.
Mitigation:
The vulnerability has been addressed in versions 8.9(1.65), 8.8(100.0), 8.8(1.176), 8.5(137.11), 8.5(135.0), 8.5(134.102), 8.5(131.8), 8.5(124.106), 8.3(141.10).
Vulnerable software versions:
Cisco Wireless LAN Controller: 8.5.130.0 - 8.9.1.52
External links:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-id
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15410
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0417
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description:
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. A remote attacker can authenticate via TACACS to the GUI on the affected device, create local user accounts with administrative privileges on an affected WLC, and execute other commands that are not allowed from the CLI and should be prohibited.
Mitigation:
The vulnerability has been addressed in versions 8.8(1.57), 8.7(102.0), 8.7(1.135), 8.5(131.0), 8.5(124.51), 8.3(143.6), 8.2(170.0), 8.2(167.211).
Vulnerable software versions:
Cisco Wireless LAN Controller: 8.7.1.115
External links:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15411
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0442
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description:
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software due to insufficient condition checks in the part of the code that handles CAPWAP keepalive requests. A remote attacker can send a specially crafted CAPWAP keepalive packet to a vulnerable Cisco WLC device and retrieve the contents of device memory, which can lead to the disclosure of confidential information.
Mitigation:
The vulnerability has been addressed in versions 8.7(102.0), 8.7(1.14), 8.6(101.0), 8.6(1.103), 8.5(110.0), 8.5(107.59), 8.3(140.0), 8.3(134.67), 8.2(170.0), 8.2(167.207), 8.2(167.8), 8.0(154.2).
Vulnerable software versions: 8.2.151.0
External links:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15412
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0443
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description:
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software due to improper input validation on fields within CAPWAP Discovery Request packets. A remote attacker can cause the Cisco WLC Software to disconnect associated access points (APs).
Mitigation:
The vulnerability has been addressed in versions 8.7(102.0), 8.7(1.14), 8.6(101.0), 8.6(1.103), 8.5(110.0), 8.5(107.59), 8.3(140.0), 8.3(134.67), 8.2(170.0), 8.2(167.207), 8.2(167.8), 8.0(154.2).
Vulnerable software versions: 8.2.151.0
External links:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15413
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-15395
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description:
The vulnerability allows an adjacent authenticated attacker to gain elevated privileges on the target system.
The weakness exists in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software due to the dynamic assignment of Security Group Tags (SGTs) during a wireless roam from one Service Set Identifier (SSID) to another within the Cisco TrustSec domain. An adjacent attacker can attempt to acquire an SGT from other SSIDs within the domain and gain privileged network access that should be prohibited under normal circumstances.
Mitigation:
The vulnerability has been addressed in versions 8.8(1.86), 8.5(131.0), 8.5(124.33), 8.5(120.7), 8.5(120.6).
Vulnerable software versions:
Cisco Wireless LAN Controller: 8.5.120.0
External links:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15414
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0388
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description:
The disclosed vulnerability allows a remote authenticated attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Mitigation:
The vulnerability has been addressed in versions 8.9(1.11), 8.8(106.22), 8.8(100.0), 8.8(1.116), 8.5(137.1), 8.5(135.0), 8.5(134.102), 8.5(131.7), 8.5(124.106), 8.3(141.10), 8.2(170.0), 8.2(167.211).
Vulnerable software versions:
Cisco Wireless LAN Controller: 8.3.133.0 - 8.5.120.0
External links:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlan-xss
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.