CVE-2018-0248 – Cisco Wireless LAN Controller Software GUI Configuration Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-0248
A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an aUTHENTICated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker would need to have valid administrator credentials on the device. This vulnerability is due to incomplete input validation for unexpected configuration options that the attacker could submit while accessing the GUI configuration menus. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted user input when using the administrative GUI configuration feature. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. • http://www.securityfocus.com/bid/108009 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-gui • CWE-20: Improper Input Validation •
CVE-2018-0417 – Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-0417
A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited. Una vulnerabilidad en la autenticación TACACS con Cisco Wireless LAN Controller (WLC) Software podría permitir que un atacante local autenticado realice ciertas operaciones en la interfaz de usuario que no deberían estar disponibles a ese usuario de la interfaz de línea de comandos. • http://www.securityfocus.com/bid/105667 http://www.securitytracker.com/id/1041924 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2018-0442 – Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-0442
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles CAPWAP keepalive requests. An attacker could exploit this vulnerability by sending a crafted CAPWAP keepalive packet to a vulnerable Cisco WLC device. A successful exploit could allow the attacker to retrieve the contents of device memory, which could lead to the disclosure of confidential information. Una vulnerabilidad en el componente del protocolo CAPWAP (Control and Provisioning of Wireless Access Points) de Cisco Wireless LAN Controller (WLC) Software podría permitir que un atacante remoto no autenticado recupere el contenido de la memoria, lo que podría conducir a la divulgación de información confidencial. • http://www.securityfocus.com/bid/105664 http://www.securitytracker.com/id/1041923 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-capwap-memory-leak • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-6375
https://notcve.org/view.php?id=CVE-2016-6375
Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221. Dispositivos Cisco Wireless LAN Controller (WLC) en versiones anteriores a 8.0.140.0, 8.1.x y 8.2.x en versiones anteriores a 8.2.121.0 y 8.3.x en versiones anteriores a 8.3.102.0 permiten a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) mediante el envío de paquetes Inter-Access Point Protocol (IAPP) manipulados y después, el envío de peticiones de información de métricas de flujo de tráfico (TSM) a través de SNMP, vulnerabilidad también conocida como Bug ID CSCuz40221. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-1 http://www.securityfocus.com/bid/92712 http://www.securitytracker.com/id/1036721 • CWE-399: Resource Management Errors •
CVE-2015-0690
https://notcve.org/view.php?id=CVE-2015-0690
Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178. Vulnerabilidad de XSS en el sistema de ayuda de HTML en los dispositivos Cisco Wireless LAN Controller (WLC) anterior a 8.0 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada, también conocido como Bug ID CSCun95178. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38222 http://www.securitytracker.com/id/1032024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •