ID

VAR-201904-0561


CVE

CVE-2018-0382


TITLE

Cisco Wireless LAN Controller Software authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-003538

DESCRIPTION

A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not properly clear previously assigned session identifiers for a user session when a user authenticates to the web-based interface. An attacker could exploit this vulnerability by using an existing session identifier to connect to the software through the web-based interface. Successful exploitation could allow the attacker to hijack an authenticated user's browser session on the system. Versions 8.1 and 8.5 are affected. Cisco Wireless LAN Controller (WLC) Software contains an authentication vulnerability. Information may be tampered with. This issue is being tracked by Cisco bug ID CSCvi25569. The vulnerability is caused by the lack of authentication measures or insufficient authentication strength in the network system or product.

Trust: 1.98

sources: NVD: CVE-2018-0382 // JVNDB: JVNDB-2019-003538 // BID: 108005 // VULHUB: VHN-118584

AFFECTED PRODUCTS

vendor: cisco, model: wireless lan controller software, scope: eq, version: 8.1(111.0)

Trust: 1.0

vendor: cisco, model: wireless lan controller software, scope: eq, version: 8.5(120.0)

Trust: 1.0

vendor: cisco, model: wireless lan controller software, scope: eq, version: 8.1

Trust: 0.8

vendor: cisco, model: wireless lan controller software, scope: eq, version: 8.5

Trust: 0.8

vendor: cisco, model: series wireless controllers, scope: eq, version: 55008.5(120.0)

Trust: 0.3

vendor: cisco, model: series wireless controllers, scope: eq, version: 55008.1(111.0)

Trust: 0.3

vendor: cisco, model: series wireless controllers, scope: ne, version: 55008.9(1.37)

Trust: 0.3

vendor: cisco, model: series wireless controllers, scope: ne, version: 55008.8(120.0)

Trust: 0.3

vendor: cisco, model: series wireless controllers, scope: ne, version: 55008.8(114.144)

Trust: 0.3

vendor: cisco, model: series wireless controllers, scope: ne, version: 55008.5(144.5)

Trust: 0.3

vendor: cisco, model: series wireless controllers, scope: ne, version: 55008.3(146.2)

Trust: 0.3

vendor: cisco, model: series wireless controllers, scope: ne, version: 55008.3(144.45)

Trust: 0.3

vendor: cisco, model: series wireless controllers, scope: ne, version: 55008.3(143.11)

Trust: 0.3

sources: BID: 108005 // JVNDB: JVNDB-2019-003538 // NVD: CVE-2018-0382

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0382
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2018-0382
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0382
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-850
value: HIGH

Trust: 0.6

VULHUB: VHN-118584
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0382
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118584
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0382
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2018-0382
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118584 // JVNDB: JVNDB-2019-003538 // CNNVD: CNNVD-201904-850 // NVD: CVE-2018-0382 // NVD: CVE-2018-0382

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-118584 // JVNDB: JVNDB-2019-003538 // NVD: CVE-2018-0382

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-850

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201904-850

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003538

PATCH

title: cisco-sa-20190417-wlan-hijack, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlan-hijack

Trust: 0.8

title: Cisco Wireless LAN Controller Software Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91684

Trust: 0.6

sources: JVNDB: JVNDB-2019-003538 // CNNVD: CNNVD-201904-850

EXTERNAL IDS

db: NVD, id: CVE-2018-0382

Trust: 2.8

db: BID, id: 108005

Trust: 2.0

db: JVNDB, id: JVNDB-2019-003538

Trust: 0.8

db: CNNVD, id: CNNVD-201904-850

Trust: 0.7

db: AUSCERT, id: ESB-2019.1333

Trust: 0.6

db: VULHUB, id: VHN-118584

Trust: 0.1

sources: VULHUB: VHN-118584 // BID: 108005 // JVNDB: JVNDB-2019-003538 // CNNVD: CNNVD-201904-850 // NVD: CVE-2018-0382

REFERENCES

url: http://www.securityfocus.com/bid/108005

Trust: 2.3

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-wlan-hijack

Trust: 2.0

url: https://nvd.nist.gov/vuln/detail/cve-2018-0382

Trust: 1.4

url: http://www.cisco.com/

Trust: 0.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0382

Trust: 0.8

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-wlc-cert-dos

Trust: 0.6

url: https://www.auscert.org.au/bulletins/79298

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-wireless-lan-controller-privilege-escalation-via-session-identification-management-29088

Trust: 0.6

sources: VULHUB: VHN-118584 // BID: 108005 // JVNDB: JVNDB-2019-003538 // CNNVD: CNNVD-201904-850 // NVD: CVE-2018-0382

CREDITS

Cisco

Trust: 0.9

sources: BID: 108005 // CNNVD: CNNVD-201904-850

SOURCES

db: VULHUB, id: VHN-118584
db: BID, id: 108005
db: JVNDB, id: JVNDB-2019-003538
db: CNNVD, id: CNNVD-201904-850
db: NVD, id: CVE-2018-0382

LAST UPDATE DATE

2024-11-23T22:17:05.287000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118584, date: 2019-10-09T00:00:00
db: BID, id: 108005, date: 2019-04-17T00:00:00
db: JVNDB, id: JVNDB-2019-003538, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-850, date: 2019-04-22T00:00:00
db: NVD, id: CVE-2018-0382, date: 2024-11-21T03:38:06.693

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118584, date: 2019-04-17T00:00:00
db: BID, id: 108005, date: 2019-04-17T00:00:00
db: JVNDB, id: JVNDB-2019-003538, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-850, date: 2019-04-17T00:00:00
db: NVD, id: CVE-2018-0382, date: 2019-04-17T22:29:00.280