Privilege escalation in Cisco Wireless LAN Controller - CVE-2018-15395
Published: October 18, 2018
Vulnerability identifier: #VU15413
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-15395
CWE-ID: CWE-264
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Wireless LAN Controller
Cisco Wireless LAN Controller
Detailed vulnerability description
The vulnerability allows an adjacent authenticated attacker to gain elevated privileges on the target system.
The weakness exists in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software due to the dynamic assignment of Security Group Tags (SGTs) during a wireless roam from one Service Set Identifier (SSID) to another within the Cisco TrustSec domain. An adjacent attacker can attempt to acquire an SGT from other SSIDs within the domain and gain privileged network access that should be prohibited under normal circumstances.
How to mitigate CVE-2018-15395
The vulnerability has been addressed in the versions 8.8(1.86), 8.5(131.0), 8.5(124.33), 8.5(120.7), 8.5(120.6)