CVE-2018-0442Sensitive Information Exposure in Cisco Wireless LAN Controller Software

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.2%
top 21.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Wireless LAN Controller SoftwareCisco Wireless LAN Controller
Timeline
PublishedOct 17
Latest updateMay 13

Description

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles CAPWAP keepalive requests. An attacker could exploit this vulnerability by sending a crafted CAPWAP keepalive pack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-3gr8-wv6w-r2h8: A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software2022-05-13
CVEList
Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability2018-10-17

📋Vendor Advisories

1
Cisco
Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability2018-10-17
CVE-2018-0442 — Sensitive Information Exposure in Cisco | cvebase