ID

VAR-201904-0648


CVE

CVE-2018-0248


TITLE

Cisco Wireless LAN Controller Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003588

DESCRIPTION

A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker would need to have valid administrator credentials on the device. This vulnerability is due to incomplete input validation for unexpected configuration options that the attacker could submit while accessing the GUI configuration menus. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted user input when using the administrative GUI configuration feature. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Software versions prior to 8.3.150.0, 8.5.140.0, and 8.8.111.0 are affected by this vulnerability.

Cisco Wireless LAN Controller (WLC) Software contains an input validation vulnerability. The device may be put into a denial-of-service (DoS) state.

Cisco Wireless LAN Controller is prone to multiple denial-of-service vulnerabilities. These issues are being tracked by Cisco Bug IDs CSCvb35683, CSCvd64417, CSCve58704, CSCve68131, CSCve82306, CSCve88013, CSCve90361, CSCve90365, CSCve91536, CSCve91601, CSCve92619, CSCve93039, CSCve93215, CSCve93547, CSCve94030, CSCve94052, CSCve94683, CSCve94821, CSCve94942, CSCve95046, CSCve95104, CSCve95848, CSCve95866, CSCve95898, CSCve95987, CSCve96534, CSCve96615, CSCve96858, CSCve96879, CSCve97734, CSCve97771, CSCve98357, CSCve98393, CSCve98434, CSCve99020, CSCve99072, CSCve99212, CSCve99744, CSCvf01690, CSCvf02412, CSCvf06525, CSCvf08015, CSCvf15789, CSCvf16237, CSCvf16322, CSCvf16358, CSCvf20684, CSCvf27133, CSCvf27342, CSCvf42722, CSCvf47085, CSCvf47220, CSCvf47430, CSCvf47934, CSCvf54469, CSCvf57639, CSCvf58849, CSCvf59210, CSCvf59796, and CSCvf59799.

Cisco WLC Software releases prior to 8.3.150.0, releases prior to 8.5.140.0, and releases prior to 8.8.111.0 have an input validation error vulnerability in the management GUI configuration function, which is caused by the network system or product not properly validating the entered data.

Trust: 1.98

sources: NVD: CVE-2018-0248 // JVNDB: JVNDB-2019-003588 // BID: 108009 // VULHUB: VHN-118450

AFFECTED PRODUCTS

vendor: cisco | model: wireless lan controller software | scope: lt | version: 8.3.150.0

Trust: 1.8

vendor: cisco | model: wireless lan controller software | scope: lt | version: 8.5.140.0

Trust: 1.8

vendor: cisco | model: wireless lan controller software | scope: lt | version: 8.8.111.0

Trust: 1.8

vendor: cisco | model: wireless lan controller software | scope: gte | version: 8.4

Trust: 1.0

vendor: cisco | model: wireless lan controller software | scope: gte | version: 8.6

Trust: 1.0

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.6.101

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.5.110

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.3.143

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.3.140

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.8

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.7.106.0

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.7.102.0

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.7

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.6

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.5.105.0

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.4

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.3.111.0

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.3.102.0

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.3

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.2.141.0

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.2.130.0

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.2

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.1

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.0.140.0

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.0

Trust: 0.3

vendor: cisco | model: wireless lan controller | scope: eq | version: 8.0.100

Trust: 0.3

vendor: cisco | model: wireless lan controller | scope: eq | version: 8.0.140

Trust: 0.3

vendor: cisco | model: wireless lan controller | scope: eq | version: 8.2.164.0

Trust: 0.3

vendor: cisco | model: wireless lan controller | scope: eq | version: 8.2.121.0

Trust: 0.3

vendor: cisco | model: wireless lan controller | scope: eq | version: 8.1.131.0

Trust: 0.3

vendor: cisco | model: wireless lan controller | scope: eq | version: 8.1.104.37

Trust: 0.3

vendor: cisco | model: wireless lan controller | scope: eq | version: 8.0.140.0

Trust: 0.3

vendor: cisco | model: wireless lan controller | scope: eq | version: 8.0.132.0

Trust: 0.3

vendor: cisco | model: wireless lan controller | scope: eq | version: 8.0.120.0

Trust: 0.3

vendor: cisco | model: wireless lan controller | scope: eq | version: 8.0.100.0

Trust: 0.3

vendor: cisco | model: series wireless controller | scope: eq | version: 55000

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: ne | version: 8.8.120.0

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: ne | version: 8.8.111.0

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: ne | version: 8.5.140.0

Trust: 0.3

vendor: cisco | model: wireless lan controller software | scope: ne | version: 8.3.150.0

Trust: 0.3

sources: BID: 108009 // JVNDB: JVNDB-2019-003588 // NVD: CVE-2018-0248

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0248
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2018-0248
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0248
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-857
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118450
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0248
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118450
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0248
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2018-0248
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118450 // JVNDB: JVNDB-2019-003588 // CNNVD: CNNVD-201904-857 // NVD: CVE-2018-0248 // NVD: CVE-2018-0248

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118450 // JVNDB: JVNDB-2019-003588 // NVD: CVE-2018-0248

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-857

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 108009 // CNNVD: CNNVD-201904-857

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003588

PATCH

title: cisco-sa-20190417-wlc-gui | url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-gui

Trust: 0.8

title: Fix for the Cisco Wireless LAN Controller Software input validation error vulnerability | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91691

Trust: 0.6

sources: JVNDB: JVNDB-2019-003588 // CNNVD: CNNVD-201904-857

EXTERNAL IDS

db: NVD | id: CVE-2018-0248

Trust: 2.8

db: BID | id: 108009

Trust: 2.0

db: JVNDB | id: JVNDB-2019-003588

Trust: 0.8

db: CNNVD | id: CNNVD-201904-857

Trust: 0.7

db: AUSCERT | id: ESB-2019.1333

Trust: 0.6

db: VULHUB | id: VHN-118450

Trust: 0.1

sources: VULHUB: VHN-118450 // BID: 108009 // JVNDB: JVNDB-2019-003588 // CNNVD: CNNVD-201904-857 // NVD: CVE-2018-0248

REFERENCES

url:http://www.securityfocus.com/bid/108009

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-wlc-gui

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2018-0248

Trust: 1.4

url:http://www.cisco.com/en/us/products/ps6302/products_sub_category_home.html

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0248

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-wlc-cert-dos

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79298

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-wireless-lan-controller-denial-of-service-via-gui-configuration-29091

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118450 // BID: 108009 // JVNDB: JVNDB-2019-003588 // CNNVD: CNNVD-201904-857 // NVD: CVE-2018-0248

CREDITS

Cisco

Trust: 0.9

sources: BID: 108009 // CNNVD: CNNVD-201904-857

SOURCES

db: VULHUB | id: VHN-118450
db: BID | id: 108009
db: JVNDB | id: JVNDB-2019-003588
db: CNNVD | id: CNNVD-201904-857
db: NVD | id: CVE-2018-0248

LAST UPDATE DATE

2024-11-23T22:17:05.317000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-118450 | date: 2019-10-09T00:00:00
db: BID | id: 108009 | date: 2019-04-17T00:00:00
db: JVNDB | id: JVNDB-2019-003588 | date: 2019-05-20T00:00:00
db: CNNVD | id: CNNVD-201904-857 | date: 2019-04-22T00:00:00
db: NVD | id: CVE-2018-0248 | date: 2024-11-21T03:37:48.687

SOURCES RELEASE DATE

db: VULHUB | id: VHN-118450 | date: 2019-04-17T00:00:00
db: BID | id: 108009 | date: 2019-04-17T00:00:00
db: JVNDB | id: JVNDB-2019-003588 | date: 2019-05-20T00:00:00
db: CNNVD | id: CNNVD-201904-857 | date: 2019-04-17T00:00:00
db: NVD | id: CVE-2018-0248 | date: 2019-04-17T22:29:00.217