Vulnerability identifier: #VU15410

Vulnerability risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0417

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Wireless LAN Controller
Hardware solutions / Firmware

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. A remote attacker can authenticate via TACACS to the GUI on the affected device, create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited.

Mitigation
The vulnerability has been addressed in the versions 8.8(1.57), 8.7(102.0), 8.7(1.135), 8.5(131.0), 8.5(124.51), 8.3(143.6), 8.2(170.0), 8.2(167.211).

Vulnerable software versions

Cisco Wireless LAN Controller: 8.7.1.115

---

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.