ID

VAR-201910-0980


CVE

CVE-2019-15266


TITLE

Cisco Wireless LAN Controller Software path traversal vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-011114 // CNNVD: CNNVD-201910-1111

DESCRIPTION

A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files that may contain sensitive information.

Trust: 1.71

sources: NVD: CVE-2019-15266 // JVNDB: JVNDB-2019-011114 // VULHUB: VHN-147295

AFFECTED PRODUCTS

vendor: cisco | model: wireless lan controller software | scope: lt | version: 8.10

Trust: 1.0

vendor: cisco | model: wireless lan controller software | scope: - | version: -

Trust: 0.8

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.3

Trust: 0.6

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.1.122.0

Trust: 0.6

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.0.115.0

Trust: 0.6

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.0.120.0

Trust: 0.6

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.0_base

Trust: 0.6

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.1.0

Trust: 0.6

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.0.100

Trust: 0.6

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.1.111.0

Trust: 0.6

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.5

Trust: 0.6

vendor: cisco | model: wireless lan controller software | scope: eq | version: 8.1.104.37

Trust: 0.6

sources: JVNDB: JVNDB-2019-011114 // CNNVD: CNNVD-201910-1111 // NVD: CVE-2019-15266

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15266
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15266
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15266
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-1111
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147295
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-15266
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147295
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-15266
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-15266
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-147295 // JVNDB: JVNDB-2019-011114 // CNNVD: CNNVD-201910-1111 // NVD: CVE-2019-15266 // NVD: CVE-2019-15266

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-147295 // JVNDB: JVNDB-2019-011114 // NVD: CVE-2019-15266

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1111

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201910-1111

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011114

PATCH

title: cisco-sa-20191016-wlc-pathtrav | url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-wlc-pathtrav

Trust: 0.8

sources: JVNDB: JVNDB-2019-011114

EXTERNAL IDS

db: NVD | id: CVE-2019-15266

Trust: 2.5

db: JVNDB | id: JVNDB-2019-011114

Trust: 0.8

db: CNNVD | id: CNNVD-201910-1111

Trust: 0.7

db: AUSCERT | id: ESB-2019.3904

Trust: 0.6

db: AUSCERT | id: ESB-2019.3904.2

Trust: 0.6

db: VULHUB | id: VHN-147295

Trust: 0.1

sources: VULHUB: VHN-147295 // JVNDB: JVNDB-2019-011114 // CNNVD: CNNVD-201910-1111 // NVD: CVE-2019-15266

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-wlc-pathtrav

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-15266

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15266

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-wlc-ssh-dos

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3904/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-wireless-lan-controller-directory-traversal-30657

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3904.2/

Trust: 0.6

sources: VULHUB: VHN-147295 // JVNDB: JVNDB-2019-011114 // CNNVD: CNNVD-201910-1111 // NVD: CVE-2019-15266

CREDITS

Marcin Kopec, Fabian Beck, and Jiri Kulda of Deutsche Telekom

Trust: 0.6

sources: CNNVD: CNNVD-201910-1111

SOURCES

db: VULHUB | id: VHN-147295
db: JVNDB | id: JVNDB-2019-011114
db: CNNVD | id: CNNVD-201910-1111
db: NVD | id: CVE-2019-15266

LAST UPDATE DATE

2024-11-23T22:48:13.436000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-147295 | date: 2019-10-22T00:00:00
db: JVNDB | id: JVNDB-2019-011114 | date: 2019-10-29T00:00:00
db: CNNVD | id: CNNVD-201910-1111 | date: 2019-10-25T00:00:00
db: NVD | id: CVE-2019-15266 | date: 2024-11-21T04:28:19.597

SOURCES RELEASE DATE

db: VULHUB | id: VHN-147295 | date: 2019-10-16T00:00:00
db: JVNDB | id: JVNDB-2019-011114 | date: 2019-10-29T00:00:00
db: CNNVD | id: CNNVD-201910-1111 | date: 2019-10-16T00:00:00
db: NVD | id: CVE-2019-15266 | date: 2019-10-16T19:15:14.253