CVE-2018-0248
Cisco Wireless LAN Controller Software GUI Configuration Denial of Service Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an aUTHENTICated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker would need to have valid administrator credentials on the device. This vulnerability is due to incomplete input validation for unexpected configuration options that the attacker could submit while accessing the GUI configuration menus. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted user input when using the administrative GUI configuration feature. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Software versions prior to 8.3.150.0, 8.5.140.0, 8.8.111.0 are affected by this vulnerability.
Una vulnerabilidad en la característica de configuración de la GUI administrativa de Wireless LAN Controller (WLC) de Cisco, podría permitir que un atacante remoto, no autenticado, hiciera que el dispositivo se recargue inesperadamente durante la configuración del dispositivo cuando el administrador usa esta GUI, causando una condición de denegación de servicio (DoS) en un dispositivo afectado. El atacante necesitaría tener credenciales de administrador válidas en el dispositivo. Esta vulnerabilidad se debe a la validación de entrada incompleta para las opciones de configuración inesperadas que el atacante podría enviar al acceder a los menús de configuración de la GUI. Un atacante podría explotar estas vulnerabilidades al autenticarse en el dispositivo y enviar una entrada de usuario creada al usar la función de configuración administrativa de la GUI. Una explotación con éxito podría permitir al atacante hacer que el dispositivo se recargue, lo que resulta en una condición DoS. Las versiones del programa anteriores a 8.3.150.0, 8.5.140.0, 8.8.111.0 están afectadas por esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2017-11-27 CVE Reserved
- 2019-04-17 CVE Published
- 2023-03-07 EPSS Updated
- 2024-11-21 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/108009 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-gui | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Wireless Lan Controller Software Search vendor "Cisco" for product "Wireless Lan Controller Software" | < 8.3.150.0 Search vendor "Cisco" for product "Wireless Lan Controller Software" and version " < 8.3.150.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Wireless Lan Controller Software Search vendor "Cisco" for product "Wireless Lan Controller Software" | >= 8.4 < 8.5.140.0 Search vendor "Cisco" for product "Wireless Lan Controller Software" and version " >= 8.4 < 8.5.140.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Wireless Lan Controller Software Search vendor "Cisco" for product "Wireless Lan Controller Software" | >= 8.6 < 8.8.111.0 Search vendor "Cisco" for product "Wireless Lan Controller Software" and version " >= 8.6 < 8.8.111.0" | - |
Affected
| ||||||