CVE-2018-0420

A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the targeted device, which may contain sensitive information.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/105671	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041926	Broken Link Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-traversal	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:cisco:wireless_lan_controller_software:8.2\(151.0\):*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-10-17 22:29

Updated : 2024-02-28 16:48

NVD link : CVE-2018-0420

Mitre link : CVE-2018-0420

CVE.ORG link : CVE-2018-0420

JSON object : View

Products Affected

cisco

wireless_lan_controller_software

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2018-0420", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-10-17T22:29:00.457", "references": [{"url": "http://www.securityfocus.com/bid/105671", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1041926", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-traversal", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the targeted device, which may contain sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web de Cisco Wireless LAN Controller Software podr\u00eda permitir que un atacante remoto autenticado vea informaci\u00f3n sensible. El problema se debe al saneamiento incorrecto de entradas proporcionadas por el usuario en par\u00e1metros de petici\u00f3n HTTP que describen nombres de archivo y ruta. Un atacante podr\u00eda explotar esta vulnerabilidad empleando t\u00e9cnicas de salto de directorio para enviar una ruta a una ubicaci\u00f3n de archivo deseada. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante vea archivos en el dispositivo objetivo que podr\u00edan contener informaci\u00f3n sensible."}], "lastModified": "2023-02-03T19:21:26.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.2\\(151.0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22DA6CAE-24EA-49F6-9851-F184987FCDE3"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}