#VU15409 Information disclosure in Cisco Wireless LAN Controller - CVE-2018-0416
Published: October 18, 2018 / Updated: October 18, 2018
Vulnerability identifier: #VU15409
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0416
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Wireless LAN Controller
Cisco Wireless LAN Controller
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists in the web-based interface of Cisco Wireless LAN Controller Software due to incomplete input and validation checking mechanisms in the web-based interface URL request. A remote attacker can request specific URLs via the web-based interface and view sensitive system information.
Remediation
The vulnerability has been addressed in the versions 8.9(1.65), 8.8(100.0), 8.8(1.176), 8.5(137.11), 8.5(135.0), 8.5(134.102), 8.5(131.8), 8.5(124.106), 8.3(141.10).