#VU15413 Privilege escalation in Cisco Wireless LAN Controller - CVE-2018-15395
Published: October 18, 2018
Vulnerability identifier: #VU15413
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-15395
CWE-ID: CWE-264
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Wireless LAN Controller
Cisco Wireless LAN Controller
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows an adjacent authenticated attacker to gain elevated privileges on the target system.
The weakness exists in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software due to the dynamic assignment of Security Group Tags (SGTs) during a wireless roam from one Service Set Identifier (SSID) to another within the Cisco TrustSec domain. An adjacent attacker can attempt to acquire an SGT from other SSIDs within the domain and gain privileged network access that should be prohibited under normal circumstances.
Remediation
The vulnerability has been addressed in the versions 8.8(1.86), 8.5(131.0), 8.5(124.33), 8.5(120.7), 8.5(120.6)