PT-2018-8697 · Cisco · Cisco 8500 Series Wireless Lan Controller+2

Published

2018-05-02

Updated

2020-09-04

CVE-2018-0245

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software (affected versions not specified)

Description: A vulnerability in the REST API could allow an unauthenticated, remote attacker to view system information that should be prohibited. The issue is due to incomplete input and validation checking mechanisms in the REST API URL request. An attacker could exploit this by sending a malicious URL to the REST API, potentially allowing them to view sensitive system information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-269

Related Identifiers

CVE-2018-0245

Affected Products

Cisco 5500 Series Wireless Lan Controller

Cisco 8500 Series Wireless Lan Controller

Cisco Wls

PT-2018-8697 · Cisco · Cisco 8500 Series Wireless Lan Controller+2

CVE-2018-0245

Weakness Enumeration

Related Identifiers

Affected Products

References · 5