CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-0420

A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the targeted device, which may contain sensitive information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.032

EPSS Ranking 86.5%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

http://www.securityfocus.com/bid/105671
http://www.securitytracker.com/id/1041926
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-traversal
http://www.securityfocus.com/bid/105671
http://www.securitytracker.com/id/1041926
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-traversal

Products affected by CVE-2018-0420

Cisco » Wireless Lan Controller Software » Version: 8.2(151.0)

cpe:2.3:o:cisco:wireless_lan_controller_software:8.2(151.0)

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-0420

Products

Pricing

Contact Us