Details of VAR-201805-0491

ID

VAR-201805-0491

CVE

CVE-2018-0245

TITLE

Cisco Wireless LAN Controller Information disclosure vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-004898

DESCRIPTION

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the REST API URL request. An attacker could exploit this vulnerability by sending a malicious URL to the REST API. If successful, an exploit could allow the attacker to view sensitive system information. Cisco Bug IDs: CSCvg89442. Vendors have confirmed this vulnerability Bug ID CSCvg89442 It is released as.Information may be obtained. REST API is one of the real-time communication APIs

Trust: 1.98

sources: NVD: CVE-2018-0245 // JVNDB: JVNDB-2018-004898 // BID: 104123 // VULHUB: VHN-118447

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.3\(133.0\)	Trust: 1.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.5\(105.0\)	Trust: 1.6
vendor:	cisco	model:	wireless lan controller software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	-	Trust: 0.3

sources: BID: 104123 // JVNDB: JVNDB-2018-004898 // CNNVD: CNNVD-201805-088 // NVD: CVE-2018-0245

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0245
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0245
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201805-088
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118447
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0245
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118447
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0245
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0245
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-118447 // JVNDB: JVNDB-2018-004898 // CNNVD: CNNVD-201805-088 // NVD: CVE-2018-0245

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-269	Trust: 1.1

sources: VULHUB: VHN-118447 // JVNDB: JVNDB-2018-004898 // NVD: CVE-2018-0245

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-088

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201805-088

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004898

PATCH

title:

cisco-sa-20180502-wlc-id

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-id

Trust: 0.8

sources: JVNDB: JVNDB-2018-004898

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0245	Trust: 2.8
db:	BID	id:	104123	Trust: 2.0
db:	SECTRACK	id:	1040823	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-004898	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-088	Trust: 0.6
db:	VULHUB	id:	VHN-118447	Trust: 0.1

sources: VULHUB: VHN-118447 // BID: 104123 // JVNDB: JVNDB-2018-004898 // CNNVD: CNNVD-201805-088 // NVD: CVE-2018-0245

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-wlc-id	Trust: 2.0
url:	http://www.securityfocus.com/bid/104123	Trust: 1.7
url:	http://www.securitytracker.com/id/1040823	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0245	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0245	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118447 // BID: 104123 // JVNDB: JVNDB-2018-004898 // CNNVD: CNNVD-201805-088 // NVD: CVE-2018-0245

CREDITS

Cisco

Trust: 0.3

sources: BID: 104123

SOURCES

db:	VULHUB	id:	VHN-118447
db:	BID	id:	104123
db:	JVNDB	id:	JVNDB-2018-004898
db:	CNNVD	id:	CNNVD-201805-088
db:	NVD	id:	CVE-2018-0245

LAST UPDATE DATE

2024-11-23T22:34:17.132000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118447	date:	2020-09-04T00:00:00
db:	BID	id:	104123	date:	2018-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-004898	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-088	date:	2020-09-07T00:00:00
db:	NVD	id:	CVE-2018-0245	date:	2024-11-21T03:37:48.420

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118447	date:	2018-05-02T00:00:00
db:	BID	id:	104123	date:	2018-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-004898	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-088	date:	2018-05-02T00:00:00
db:	NVD	id:	CVE-2018-0245	date:	2018-05-02T22:29:00.450