CVE-2018-0388

Name of the Vulnerable Software and Affected Versions Cisco Wireless LAN Controller Software versions prior to the fixed version

Description The issue is related to insufficient protection of the web interface structure, allowing an attacker to inject arbitrary code into a web page using a specially crafted link. This vulnerability could enable a remote attacker to conduct a cross-site scripting (XSS) attack against users of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface. An attacker could exploit this vulnerability by persuading a user to click a crafted link, potentially allowing the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.

Recommendations For versions prior to the fixed version, update to the latest version of Cisco Wireless LAN Controller Software to resolve the issue. As a temporary workaround, consider restricting access to the web-based interface to minimize the risk of exploitation. Avoid using the web-based interface until the issue is resolved, if possible.