CVE-2018-0235Improper Input Validation in Cisco Wireless LAN Controller

CWE-20Improper Input Validation6 documents5 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 65.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Wireless LAN ControllerCisco Wireless LAN Controller Software
Timeline
PublishedMay 2
Latest updateMay 13

Description

A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of certain 802.11 management information element frames that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11 m

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

NVDcisco/wireless_lan_controller_software8.6\(1.106\), 8.6\(1.114\)+1
CVEListV5cisco/cisco_wireless_lan_controllerCisco Wireless LAN Controller

🔴Vulnerability Details

2
GHSA
GHSA-3m6w-w2q4-82mc: A vulnerability in the 8022022-05-13
CVEList
CVE-2018-0235: A vulnerability in the 8022018-05-02

📋Vendor Advisories

1
Cisco
Cisco Wireless LAN Controller 802.11 Management Frame Denial of Service Vulnerability2018-05-02
CVE-2018-0235 — Improper Input Validation in Cisco | cvebase