Lucene search

CiscoCVELIST:CVE-2018-0416

HistoryOct 17, 2018 - 7:00 p.m.

CVE-2018-0416 Cisco Wireless LAN Controller Software Information Disclosure Vulnerability

2018-10-1719:00:00

CWE-20

cisco

www.cve.org

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

43.7%

JSON

A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the web-based interface URL request. An attacker could exploit this vulnerability by requesting specific URLs via the web-based interface. A successful exploit could allow the attacker to view sensitive system information.

CNA Affected

[
  {
    "product": "Cisco Wireless LAN Controller (WLC)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105675

www.securitytracker.com/id/1041928

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-id

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

43.7%

JSON

Related for CVELIST:CVE-2018-0416