// For flags

CVE-2018-0248

Cisco Wireless LAN Controller Software GUI Configuration Denial of Service Vulnerabilities

Severity Score

4.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an aUTHENTICated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker would need to have valid administrator credentials on the device. This vulnerability is due to incomplete input validation for unexpected configuration options that the attacker could submit while accessing the GUI configuration menus. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted user input when using the administrative GUI configuration feature. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Software versions prior to 8.3.150.0, 8.5.140.0, 8.8.111.0 are affected by this vulnerability.

Una vulnerabilidad en la característica de configuración de la GUI administrativa de Wireless LAN Controller (WLC) de Cisco, podría permitir que un atacante remoto, no autenticado, hiciera que el dispositivo se recargue inesperadamente durante la configuración del dispositivo cuando el administrador usa esta GUI, causando una condición de denegación de servicio (DoS) en un dispositivo afectado. El atacante necesitaría tener credenciales de administrador válidas en el dispositivo. Esta vulnerabilidad se debe a la validación de entrada incompleta para las opciones de configuración inesperadas que el atacante podría enviar al acceder a los menús de configuración de la GUI. Un atacante podría explotar estas vulnerabilidades al autenticarse en el dispositivo y enviar una entrada de usuario creada al usar la función de configuración administrativa de la GUI. Una explotación con éxito podría permitir al atacante hacer que el dispositivo se recargue, lo que resulta en una condición DoS. Las versiones del programa anteriores a 8.3.150.0, 8.5.140.0, 8.8.111.0 están afectadas por esta vulnerabilidad.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-11-27 CVE Reserved
  • 2019-04-17 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Wireless Lan Controller Software
Search vendor "Cisco" for product "Wireless Lan Controller Software"
< 8.3.150.0
Search vendor "Cisco" for product "Wireless Lan Controller Software" and version " < 8.3.150.0"
-
Affected
Cisco
Search vendor "Cisco"
Wireless Lan Controller Software
Search vendor "Cisco" for product "Wireless Lan Controller Software"
>= 8.4 < 8.5.140.0
Search vendor "Cisco" for product "Wireless Lan Controller Software" and version " >= 8.4 < 8.5.140.0"
-
Affected
Cisco
Search vendor "Cisco"
Wireless Lan Controller Software
Search vendor "Cisco" for product "Wireless Lan Controller Software"
>= 8.6 < 8.8.111.0
Search vendor "Cisco" for product "Wireless Lan Controller Software" and version " >= 8.6 < 8.8.111.0"
-
Affected