CVE-2018-0420 - OpenCVE

A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the targeted device, which may contain sensitive information.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Wireless Lan Controller Software

Configuration 1 [-]

cpe:2.3:o:cisco:wireless_lan_controller_software:8.2\(151.0\):*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/105671	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041926	Broken Link Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-traversal	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2018-10-17T00:00:00

Updated: 2018-10-20T09:57:01

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0420

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-10-17T22:29:00.457

Modified: 2023-02-03T19:21:26.437

Link: CVE-2018-0420

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "Cisco Wireless LAN Controller (WLC) ", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the targeted device, which may contain sensitive information."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-10-20T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "105671", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105671"}, {"name": "20181017 Cisco Wireless LAN Controller Software Directory Traversal Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-traversal"}, {"name": "1041926", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041926"}], "source": {"advisory": "cisco-sa-20181017-wlc-traversal", "defect": [["CSCvf66723"]], "discovery": "INTERNAL"}, "title": "Cisco Wireless LAN Controller Software Directory Traversal Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2018-10-17T16:00:00-0500", "ID": "CVE-2018-0420", "STATE": "PUBLIC", "TITLE": "Cisco Wireless LAN Controller Software Directory Traversal Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Wireless LAN Controller (WLC) ", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the targeted device, which may contain sensitive information."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "impact": {"cvss": {"baseScore": "6.5", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22"}]}]}, "references": {"reference_data": [{"name": "105671", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105671"}, {"name": "20181017 Cisco Wireless LAN Controller Software Directory Traversal Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-traversal"}, {"name": "1041926", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041926"}]}, "source": {"advisory": "cisco-sa-20181017-wlc-traversal", "defect": [["CSCvf66723"]], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0420", "datePublished": "2018-10-17T00:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2018-10-20T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:8.2\\(151.0\\):*:*:*:*:*:*:*", "matchCriteriaId": "22DA6CAE-24EA-49F6-9851-F184987FCDE3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the targeted device, which may contain sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web de Cisco Wireless LAN Controller Software podr\u00eda permitir que un atacante remoto autenticado vea informaci\u00f3n sensible. El problema se debe al saneamiento incorrecto de entradas proporcionadas por el usuario en par\u00e1metros de petici\u00f3n HTTP que describen nombres de archivo y ruta. Un atacante podr\u00eda explotar esta vulnerabilidad empleando t\u00e9cnicas de salto de directorio para enviar una ruta a una ubicaci\u00f3n de archivo deseada. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante vea archivos en el dispositivo objetivo que podr\u00edan contener informaci\u00f3n sensible."}], "id": "CVE-2018-0420", "lastModified": "2023-02-03T19:21:26.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-17T22:29:00.457", "references": [{"source": "ykramarz@cisco.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105671"}, {"source": "ykramarz@cisco.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041926"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-traversal"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}