CVE-2018-0382

Severity
7.5 HIGH
EPSS
0.7%
top 28.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 17
Latest update: May 13

Description

A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not properly clear previously assigned session identifiers for a user session when a user authenticates to the web-based interface. An attacker could exploit this vulnerability by using an exi

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD: cisco/wireless_lan_controller_software 8.1(111.0), 8.5(120.0) +1
CVEListV5: cisco/cisco_wireless_lan_controller_(wlc) unspecified 8.5(144.5)

🔴 Vulnerability Details (2)

GHSA: GHSA-xf8h-gv6j-fvjf: A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software coul (2022-05-13)
CVEList: Cisco Wireless LAN Controller Software Session Hijacking Vulnerability (2019-04-17)

📋 Vendor Advisories (1)

Cisco: Cisco Wireless LAN Controller Software Session Hijacking Vulnerability (2019-04-17)