CVE-2018-0443

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Denial of Service Vulnerability

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper input validation on fields within CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending malicious CAPWAP Discovery Request packets to the Cisco WLC Software. A successful exploit could allow the attacker to cause the Cisco WLC Software to disconnect associated access points (APs). While the APs disconnect and reconnect, service will be unavailable for a brief period of time, resulting in a DoS condition.

Una vulnerabilidad en el componente del protocolo CAPWAP (Control and Provisioning of Wireless Access Points) de Cisco Wireless LAN Controller (WLC) Software podría permitir que un atacante remoto no autenticado provoque una denegación de servicio (DoS). Esta vulnerabilidad se debe a una validación de entradas incorrecta en los campos de los paquetes CAPWAP Discovery Request por parte del dispositivo afectado. Un atacante podría explotar esta vulnerabilidad enviando paquetes CAPWAP Discovery Request maliciosos a Cisco WLC Software. Su explotación con éxito podría permitir que el atacante provoque que Cisco WLC Software desconecte los puntos de acceso (AP) asociados. Mientras los AP se desconectan y reconectan, el servicio dejará de estar disponible por un breve periodo de tiempo, lo que resulta en una denegación de servicio (DoS).

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-10-17 CVE Published
2024-08-01 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-399: Resource Management Errors

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/105686	Third Party Advisory
http://www.securitytracker.com/id/1041922	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-capwap-dos	2020-08-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Wireless Lan Controller Software Search vendor "Cisco" for product "Wireless Lan Controller Software"				8.2\(151.0\) Search vendor "Cisco" for product "Wireless Lan Controller Software" and version "8.2\(151.0\)"		-		Affected