Cisco Wireless LAN Controller Software Information Disclosure Vulnerability
CVE-2018-0416

5.3MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Wireless Lan Controller (wlc)
Vendor
CVE Published:
17 October 2018

Badges

👾 Exploit Exists

Summary

A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the web-based interface URL request. An attacker could exploit this vulnerability by requesting specific URLs via the web-based interface. A successful exploit could allow the attacker to view sensitive system information.

Affected Version(s)

Cisco Wireless LAN Controller (WLC)

References

http://www.securitytracker.com/id/1041928
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/105675
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.