ID

VAR-201911-1118


CVE

CVE-2019-15276


TITLE

Cisco Wireless LAN Controller Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-012824

DESCRIPTION

A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.

Trust: 1.71

sources: NVD: CVE-2019-15276 // JVNDB: JVNDB-2019-012824 // VULHUB: VHN-147306

AFFECTED PRODUCTS

vendor: cisco // model: wireless lan controller software // scope: lt // version: 8.10

Trust: 1.0

vendor: cisco // model: wireless lan controller software // scope: gte // version: 8.4

Trust: 1.0

vendor: cisco // model: wireless lan controller software // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-012824 // NVD: CVE-2019-15276

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15276
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15276
value: HIGH

Trust: 1.0

NVD: CVE-2019-15276
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-375
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147306
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15276
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147306
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15276
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15276
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-15276
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-147306 // JVNDB: JVNDB-2019-012824 // CNNVD: CNNVD-201911-375 // NVD: CVE-2019-15276 // NVD: CVE-2019-15276

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-147306 // JVNDB: JVNDB-2019-012824 // NVD: CVE-2019-15276

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-375

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-375

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012824

PATCH

title: cisco-sa-20191106-wlc-dos // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos

Trust: 0.8

title: Cisco Wireless LAN Controller Software Enter the fix for the verification error vulnerability // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104676

Trust: 0.6

sources: JVNDB: JVNDB-2019-012824 // CNNVD: CNNVD-201911-375

EXTERNAL IDS

db: NVD // id: CVE-2019-15276

Trust: 2.5

db: PACKETSTORM // id: 155554

Trust: 1.7

db: JVNDB // id: JVNDB-2019-012824

Trust: 0.8

db: CNNVD // id: CNNVD-201911-375

Trust: 0.7

db: EXPLOIT-DB // id: 47744

Trust: 0.6

db: AUSCERT // id: ESB-2019.4180.2

Trust: 0.6

db: AUSCERT // id: ESB-2019.4180

Trust: 0.6

db: VULHUB // id: VHN-147306

Trust: 0.1

sources: VULHUB: VHN-147306 // JVNDB: JVNDB-2019-012824 // CNNVD: CNNVD-201911-375 // NVD: CVE-2019-15276

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191106-wlc-dos

Trust: 1.7

url:http://packetstormsecurity.com/files/155554/cisco-wlc-2504-8.9-denial-of-service.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-15276

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15276

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-wireless-lan-controller-denial-of-service-via-http-parsing-engine-30806

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4180.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4180/

Trust: 0.6

url:https://www.exploit-db.com/exploits/47744

Trust: 0.6

sources: VULHUB: VHN-147306 // JVNDB: JVNDB-2019-012824 // CNNVD: CNNVD-201911-375 // NVD: CVE-2019-15276

CREDITS

independent security researcher SecuNinja

Trust: 0.6

sources: CNNVD: CNNVD-201911-375

SOURCES

db: VULHUB // id: VHN-147306
db: JVNDB // id: JVNDB-2019-012824
db: CNNVD // id: CNNVD-201911-375
db: NVD // id: CVE-2019-15276

LAST UPDATE DATE

2024-11-23T21:51:50.308000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-147306 // date: 2019-12-11T00:00:00
db: JVNDB // id: JVNDB-2019-012824 // date: 2019-12-13T00:00:00
db: CNNVD // id: CNNVD-201911-375 // date: 2020-05-12T00:00:00
db: NVD // id: CVE-2019-15276 // date: 2024-11-21T04:28:21.630

SOURCES RELEASE DATE

db: VULHUB // id: VHN-147306 // date: 2019-11-26T00:00:00
db: JVNDB // id: JVNDB-2019-012824 // date: 2019-12-13T00:00:00
db: CNNVD // id: CNNVD-201911-375 // date: 2019-11-06T00:00:00
db: NVD // id: CVE-2019-15276 // date: 2019-11-26T03:15:11.130