Details of VAR-201810-0297

ID

VAR-201810-0297

CVE

CVE-2018-0417

TITLE

Cisco Wireless LAN Controller Vulnerability related to authorization, authority, and access control in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-013818

DESCRIPTION

A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited. The Cisco Wireless LAN Controller (WLC) is a wireless LAN controller product from Cisco. The product provides security policy, intrusion detection and other functions in the wireless LAN. This issue is tracked by Cisco Bug ID CSCvh65876. There is a security vulnerability in the TACACS authentication mechanism in Cisco WLC Software

Trust: 2.61

sources: NVD: CVE-2018-0417 // JVNDB: JVNDB-2018-013818 // CNVD: CNVD-2018-21192 // BID: 105667 // VULHUB: VHN-118619 // VULMON: CVE-2018-0417

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-21192

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless lan controller software	scope:	gte	version:	8.6	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	gte	version:	8.4	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	8.7.102.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.7\(1.115\)	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	8.2.170.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	lt	version:	8.5.131.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wireless lan controllers	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.7	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.5.120.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.5.105.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.5.103.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.5	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.3	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.2.141.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.2.130.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.2	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	ne	version:	8.7.106.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	ne	version:	8.7.102.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	ne	version:	8.5.135.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	ne	version:	8.5.131.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller software	scope:	ne	version:	8.2.170.0	Trust: 0.3

sources: CNVD: CNVD-2018-21192 // BID: 105667 // JVNDB: JVNDB-2018-013818 // NVD: CVE-2018-0417

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0417
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2018-0417
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0417
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-21192
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201810-986
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118619
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-0417
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0417
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-21192
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118619
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0417
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2018-0417
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2018-0417
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2018-21192 // VULHUB: VHN-118619 // VULMON: CVE-2018-0417 // JVNDB: JVNDB-2018-013818 // CNNVD: CNNVD-201810-986 // NVD: CVE-2018-0417 // NVD: CVE-2018-0417

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: VULHUB: VHN-118619 // JVNDB: JVNDB-2018-013818 // NVD: CVE-2018-0417

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-986

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201810-986

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013818

PATCH

title:	cisco-sa-20181017-wlc-gui-privesc	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc	Trust: 0.8
title:	Patch for CiscoWirelessLANControllerSoftwareGUI Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/142685	Trust: 0.6
title:	Cisco Wireless LAN Controller Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86057	Trust: 0.6
title:	Cisco: Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20181017-wlc-gui-privesc	Trust: 0.1

sources: CNVD: CNVD-2018-21192 // VULMON: CVE-2018-0417 // JVNDB: JVNDB-2018-013818 // CNNVD: CNNVD-201810-986

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0417	Trust: 3.5
db:	BID	id:	105667	Trust: 2.1
db:	SECTRACK	id:	1041924	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-013818	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-986	Trust: 0.7
db:	CNVD	id:	CNVD-2018-21192	Trust: 0.6
db:	VULHUB	id:	VHN-118619	Trust: 0.1
db:	VULMON	id:	CVE-2018-0417	Trust: 0.1

sources: CNVD: CNVD-2018-21192 // VULHUB: VHN-118619 // VULMON: CVE-2018-0417 // BID: 105667 // JVNDB: JVNDB-2018-013818 // CNNVD: CNNVD-201810-986 // NVD: CVE-2018-0417

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181017-wlc-gui-privesc	Trust: 2.8
url:	http://www.securityfocus.com/bid/105667	Trust: 1.9
url:	http://www.securitytracker.com/id/1041924	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0417	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0417	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2018-21192 // VULHUB: VHN-118619 // VULMON: CVE-2018-0417 // BID: 105667 // JVNDB: JVNDB-2018-013818 // CNNVD: CNNVD-201810-986 // NVD: CVE-2018-0417

CREDITS

Cisco

Trust: 0.3

sources: BID: 105667

SOURCES

db:	CNVD	id:	CNVD-2018-21192
db:	VULHUB	id:	VHN-118619
db:	VULMON	id:	CVE-2018-0417
db:	BID	id:	105667
db:	JVNDB	id:	JVNDB-2018-013818
db:	CNNVD	id:	CNNVD-201810-986
db:	NVD	id:	CVE-2018-0417

LAST UPDATE DATE

2024-11-23T22:17:17.709000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-21192	date:	2018-10-18T00:00:00
db:	VULHUB	id:	VHN-118619	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-0417	date:	2021-04-16T00:00:00
db:	BID	id:	105667	date:	2018-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-013818	date:	2019-03-04T00:00:00
db:	CNNVD	id:	CNNVD-201810-986	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0417	date:	2024-11-21T03:38:11.130

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-21192	date:	2018-10-18T00:00:00
db:	VULHUB	id:	VHN-118619	date:	2018-10-17T00:00:00
db:	VULMON	id:	CVE-2018-0417	date:	2018-10-17T00:00:00
db:	BID	id:	105667	date:	2018-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-013818	date:	2019-03-04T00:00:00
db:	CNNVD	id:	CNNVD-201810-986	date:	2018-10-18T00:00:00
db:	NVD	id:	CVE-2018-0417	date:	2018-10-17T22:29:00.363