PT-2019-2131 · Cisco · Cisco Wireless Lan Controller (Wlc)+1

Published: 2019-04-17 · Updated: 2019-10-09 · CVE-2018-0382

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Wireless LAN Controller (WLC) Software versions 8.1 through 8.5

Description

A vulnerability in the session identification management functionality of the web-based interface could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The issue exists because the software does not properly clear previously assigned session identifiers for a user session when a user authenticates to the web-based interface. An attacker could exploit this by using an existing session identifier to connect to the software, potentially allowing them to hijack an authenticated user's browser session.

Recommendations

For versions 8.1 and 8.5, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting access to the web-based interface to minimize the risk of exploitation.
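
The weakness class in the description (a session identifier assigned before login that stays valid after login) can be modelled and regression-tested as below. This is an added example, not Cisco WLC code or anything from the vendor; the `SessionStore` class, its method names and the `admin` user are constructed for illustration.

```python
import secrets


class SessionStore:
    """Minimal in-memory server-side session table (constructed for this example)."""

    def __init__(self):
        self._sessions = {}  # session id -> {"user": name or None}

    def new_anonymous(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        entry = self._sessions.get(sid)
        return entry["user"] if entry else None

    def login_keep_id(self, sid, user):
        # Flawed pattern: the pre-login identifier is promoted to an
        # authenticated session, so it is never cleared at authentication.
        self._sessions[sid]["user"] = user
        return sid

    def login_rotate_id(self, sid, user):
        # Hardened pattern: discard the pre-login identifier and bind the
        # authenticated state to a fresh, unpredictable one.
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user}
        return new_sid


def old_id_still_authenticated(login_method_name):
    """Return True if the identifier issued before login is accepted as an
    authenticated session after login (the condition the description names)."""
    store = SessionStore()
    pre_login_sid = store.new_anonymous()
    post_login_sid = getattr(store, login_method_name)(pre_login_sid, "admin")
    if store.user_for(post_login_sid) != "admin":
        raise RuntimeError("login did not produce an authenticated session")
    return store.user_for(pre_login_sid) == "admin"


if __name__ == "__main__":
    print("keep id  :", old_id_still_authenticated("login_keep_id"))
    print("rotate id:", old_id_still_authenticated("login_rotate_id"))
```

The same check, pointed at a real login handler, makes a useful regression test: the identifier held before authentication must be rejected afterwards.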

Fix

Improper Authentication


Weakness Enumeration

Related Identifiers

BDU:2019-01892
CVE-2018-0382

Affected Products

Cisco Wireless Lan Controller (Wlc)
Cisco Wls