Vulnerability Description
A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the REST API URL request. An attacker could exploit this vulnerability by sending a malicious URL to the REST API. If successful, an exploit could allow the attacker to view sensitive system information. Cisco Bug IDs: CSCvg89442.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Wireless Lan Controller Software | 8.3\(133.0\) |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104123Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040823Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/104123Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040823Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-0245?
CVE-2018-0245 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circum...
How severe is CVE-2018-0245?
CVE-2018-0245 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0245?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Wireless Lan Controller Software.