Details of VAR-201810-0317

ID

VAR-201810-0317

CVE

CVE-2018-0442

TITLE

Cisco Wireless LAN Controller Information disclosure vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-013821

DESCRIPTION

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles CAPWAP keepalive requests. An attacker could exploit this vulnerability by sending a crafted CAPWAP keepalive packet to a vulnerable Cisco WLC device. A successful exploit could allow the attacker to retrieve the contents of device memory, which could lead to the disclosure of confidential information. The product provides security policy, intrusion detection and other functions in the wireless LAN. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvf66680

Trust: 2.52

sources: NVD: CVE-2018-0442 // JVNDB: JVNDB-2018-013821 // CNVD: CNVD-2018-21194 // BID: 105664 // VULHUB: VHN-118644

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-21194

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless lan controller software	scope:	gte	version:	8.4	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	gte	version:	8.3	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	8.5.110.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	8.7.102.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	8.3.140.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	gte	version:	8.7	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	8.6.101.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	gte	version:	8.6	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	8.2.170.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wireless lan controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	provisioning of wireless access points protocol	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	series wireless controllers	scope:	eq	version:	55008.2(151.0)	Trust: 0.3
vendor:	cisco	model:	series wireless controllers	scope:	ne	version:	55008.7(102.0)	Trust: 0.3
vendor:	cisco	model:	series wireless controllers	scope:	ne	version:	55008.7(1.14)	Trust: 0.3
vendor:	cisco	model:	series wireless controllers	scope:	ne	version:	55008.6(101.0)	Trust: 0.3
vendor:	cisco	model:	series wireless controllers	scope:	ne	version:	55008.6(1.103)	Trust: 0.3
vendor:	cisco	model:	series wireless controllers	scope:	ne	version:	55008.5(110.0)	Trust: 0.3
vendor:	cisco	model:	series wireless controllers	scope:	ne	version:	55008.5(107.59)	Trust: 0.3
vendor:	cisco	model:	series wireless controllers	scope:	ne	version:	55008.3(140.0)	Trust: 0.3
vendor:	cisco	model:	series wireless controllers	scope:	ne	version:	55008.3(134.67)	Trust: 0.3
vendor:	cisco	model:	series wireless controllers	scope:	ne	version:	55008.2(170.0)	Trust: 0.3

sources: CNVD: CNVD-2018-21194 // BID: 105664 // JVNDB: JVNDB-2018-013821 // NVD: CVE-2018-0442

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0442
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2018-0442
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0442
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-21194
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201810-983
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118644
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0442
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-21194
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118644
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2018-0442
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2018-0442
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2018-21194 // VULHUB: VHN-118644 // JVNDB: JVNDB-2018-013821 // CNNVD: CNNVD-201810-983 // NVD: CVE-2018-0442 // NVD: CVE-2018-0442

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: VULHUB: VHN-118644 // JVNDB: JVNDB-2018-013821 // NVD: CVE-2018-0442

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-983

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-983

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013821

PATCH

title:	cisco-sa-20181017-wlc-capwap-memory-leak	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-capwap-memory-leak	Trust: 0.8
title:	CiscoWirelessLANControllerSoftwareControlandProvisioningofWirelessAccessPointsProtocol Patch for Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/142687	Trust: 0.6
title:	Cisco Wireless LAN Controller Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86054	Trust: 0.6

sources: CNVD: CNVD-2018-21194 // JVNDB: JVNDB-2018-013821 // CNNVD: CNNVD-201810-983

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0442	Trust: 3.4
db:	BID	id:	105664	Trust: 2.0
db:	SECTRACK	id:	1041923	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-013821	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-983	Trust: 0.7
db:	CNVD	id:	CNVD-2018-21194	Trust: 0.6
db:	VULHUB	id:	VHN-118644	Trust: 0.1

sources: CNVD: CNVD-2018-21194 // VULHUB: VHN-118644 // BID: 105664 // JVNDB: JVNDB-2018-013821 // CNNVD: CNNVD-201810-983 // NVD: CVE-2018-0442

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181017-wlc-capwap-memory-leak	Trust: 2.6
url:	http://www.securityfocus.com/bid/105664	Trust: 1.7
url:	http://www.securitytracker.com/id/1041923	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0442	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0442	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2018-21194 // VULHUB: VHN-118644 // BID: 105664 // JVNDB: JVNDB-2018-013821 // CNNVD: CNNVD-201810-983 // NVD: CVE-2018-0442

CREDITS

Cisco

Trust: 0.3

sources: BID: 105664

SOURCES

db:	CNVD	id:	CNVD-2018-21194
db:	VULHUB	id:	VHN-118644
db:	BID	id:	105664
db:	JVNDB	id:	JVNDB-2018-013821
db:	CNNVD	id:	CNNVD-201810-983
db:	NVD	id:	CVE-2018-0442

LAST UPDATE DATE

2024-11-23T22:58:50.488000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-21194	date:	2018-10-18T00:00:00
db:	VULHUB	id:	VHN-118644	date:	2020-10-22T00:00:00
db:	BID	id:	105664	date:	2018-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-013821	date:	2019-03-04T00:00:00
db:	CNNVD	id:	CNNVD-201810-983	date:	2020-10-23T00:00:00
db:	NVD	id:	CVE-2018-0442	date:	2024-11-21T03:38:14.347

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-21194	date:	2018-10-18T00:00:00
db:	VULHUB	id:	VHN-118644	date:	2018-10-17T00:00:00
db:	BID	id:	105664	date:	2018-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-013821	date:	2019-03-04T00:00:00
db:	CNNVD	id:	CNNVD-201810-983	date:	2018-10-18T00:00:00
db:	NVD	id:	CVE-2018-0442	date:	2018-10-17T22:29:00.647