ID

VAR-201810-0298


CVE

CVE-2018-0420


TITLE

Cisco Wireless LAN Controller Software path traversal vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-013819 // CNNVD: CNNVD-201810-985

DESCRIPTION

A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the targeted device, which may contain sensitive information. The product provides security policy, intrusion detection and other functions in the wireless LAN. This issue is being tracked by Cisco Bug ID CSCvf66723.

Trust: 2.52

sources: NVD: CVE-2018-0420 // JVNDB: JVNDB-2018-013819 // CNVD: CNVD-2018-21195 // BID: 105671 // VULHUB: VHN-118622

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-21195

AFFECTED PRODUCTS

vendor: cisco, model: wireless lan controller software, scope: eq, version: 8.2(151.0)

Trust: 1.0

vendor: cisco, model: wireless lan controller software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: wireless lan controller, scope: -, version: -

Trust: 0.6

vendor: cisco, model: wireless lan controller software, scope: eq, version: -

Trust: 0.3

sources: CNVD: CNVD-2018-21195 // BID: 105671 // JVNDB: JVNDB-2018-013819 // NVD: CVE-2018-0420

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0420
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2018-0420
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0420
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-21195
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201810-985
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118622
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0420
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-21195
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118622
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2018-0420
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2018-0420
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2018-21195 // VULHUB: VHN-118622 // JVNDB: JVNDB-2018-013819 // CNNVD: CNNVD-201810-985 // NVD: CVE-2018-0420 // NVD: CVE-2018-0420

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-118622 // JVNDB: JVNDB-2018-013819 // NVD: CVE-2018-0420

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-985

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201810-985

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013819

PATCH

title: cisco-sa-20181017-wlc-traversal, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-traversal

Trust: 0.8

title: Cisco Wireless LAN Controller Software Directory Traversal Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/142689

Trust: 0.6

title: Cisco Wireless LAN Controller Software Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86056

Trust: 0.6

sources: CNVD: CNVD-2018-21195 // JVNDB: JVNDB-2018-013819 // CNNVD: CNNVD-201810-985

EXTERNAL IDS

db: NVD, id: CVE-2018-0420

Trust: 3.4

db: BID, id: 105671

Trust: 2.0

db: SECTRACK, id: 1041926

Trust: 1.7

db: JVNDB, id: JVNDB-2018-013819

Trust: 0.8

db: CNNVD, id: CNNVD-201810-985

Trust: 0.7

db: CNVD, id: CNVD-2018-21195

Trust: 0.6

db: VULHUB, id: VHN-118622

Trust: 0.1

sources: CNVD: CNVD-2018-21195 // VULHUB: VHN-118622 // BID: 105671 // JVNDB: JVNDB-2018-013819 // CNNVD: CNNVD-201810-985 // NVD: CVE-2018-0420

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181017-wlc-traversal

Trust: 2.6

url:http://www.securityfocus.com/bid/105671

Trust: 1.7

url:http://www.securitytracker.com/id/1041926

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0420

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0420

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2018-21195 // VULHUB: VHN-118622 // BID: 105671 // JVNDB: JVNDB-2018-013819 // CNNVD: CNNVD-201810-985 // NVD: CVE-2018-0420

CREDITS

Cisco

Trust: 0.3

sources: BID: 105671

SOURCES

db: CNVD, id: CNVD-2018-21195
db: VULHUB, id: VHN-118622
db: BID, id: 105671
db: JVNDB, id: JVNDB-2018-013819
db: CNNVD, id: CNNVD-201810-985
db: NVD, id: CVE-2018-0420

LAST UPDATE DATE

2024-11-23T21:52:47.582000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-21195, date: 2018-10-18T00:00:00
db: VULHUB, id: VHN-118622, date: 2023-02-03T00:00:00
db: BID, id: 105671, date: 2018-10-17T00:00:00
db: JVNDB, id: JVNDB-2018-013819, date: 2019-03-04T00:00:00
db: CNNVD, id: CNNVD-201810-985, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0420, date: 2024-11-21T03:38:11.510

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-21195, date: 2018-10-18T00:00:00
db: VULHUB, id: VHN-118622, date: 2018-10-17T00:00:00
db: BID, id: 105671, date: 2018-10-17T00:00:00
db: JVNDB, id: JVNDB-2018-013819, date: 2019-03-04T00:00:00
db: CNNVD, id: CNNVD-201810-985, date: 2018-10-18T00:00:00
db: NVD, id: CVE-2018-0420, date: 2018-10-17T22:29:00.457