Main Vulnerability Database Vulnerabilities #VU15412

Information disclosure in Cisco Wireless LAN Controller - CVE-2018-0443

Published: October 18, 2018

Vulnerability identifier: #VU15412

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0443

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Wireless LAN Controller

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software due to improper input validation on fields within CAPWAP Discovery Request packets. A remote attacker can cause the Cisco WLC Software to disconnect associated access points (APs).

How to mitigate CVE-2018-0443

The vulnerability has been addressed in the versions 8.7(102.0), 8.7(1.14), 8.6(101.0), 8.6(1.103), 8.5(110.0), 8.5(107.59), 8.3(140.0), 8.3(134.67), 8.2(170.0), 8.2(167.207), 8.2(167.8), 8.0(154.2).

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-capwap-dos

Information disclosure in Cisco Wireless LAN Controller - CVE-2018-0443

Detailed vulnerability description

How to mitigate CVE-2018-0443

Sources

Please verify you're human