CVE-2018-0417 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2018-0417?

CVE-2018-0417 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-0417?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Wireless Lan Controller Software, Cisco Wireless Lan Controller.

Vulnerability Description

A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Wireless Lan Controller Software	8.7\(1.115\)
Cisco	Wireless Lan Controller	>= 8.4, < 8.5.131.0

Related Weaknesses (CWE)

CWE-264

References

http://www.securityfocus.com/bid/105667Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1041924Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/105667Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1041924Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2018-0417?

CVE-2018-0417 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normal...

How severe is CVE-2018-0417?

CVE-2018-0417 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-0417?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Wireless Lan Controller Software, Cisco Wireless Lan Controller.