PT-2019-3938 · Cisco · Cisco Wireless Lan Controller+1

Fabian Beck

Published

2019-10-16

Updated

2019-10-22

CVE-2019-15266

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Wireless LAN Controller (WLC) Software (affected versions not specified)

Description A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This issue is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An attacker could exploit this by using directory traversal techniques to submit a path to a desired file location, potentially allowing them to view system files containing sensitive information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2019-04418

CVE-2019-15266

Affected Products

Cisco Wireless Lan Controller

Cisco Wls

PT-2019-3938 · Cisco · Cisco Wireless Lan Controller+1

CVE-2019-15266

Weakness Enumeration

Related Identifiers

Affected Products

References · 4