CVE-2018-15395 — Improper Access Control in Cisco Wireless LAN Controller

CWE-284 — Improper Access Control4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 69.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wireless LAN Controller Cisco Wireless LAN Controller Software

Timeline

PublishedOct 17

Latest updateMay 13

Description

A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The vulnerability is due to the dynamic assignment of Security Group Tags (SGTs) during a wireless roam from one Service Set Identifier (SSID) to another within the Cisco TrustSec domain. An attacker could exploit t…

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDcisco/wireless_lan_controller_software8.5\(120.0\)

▶CVEListV5cisco/cisco_wireless_lan_controllern/a

🔴Vulnerability Details

GHSA

GHSA-r7pm-6rfr-vfm2: A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticat↗2022-05-13

▶

CVEList

Cisco Wireless LAN Controller Software Privilege Escalation Vulnerability↗2018-10-17

▶

📋Vendor Advisories

Cisco

Cisco Wireless LAN Controller Software Privilege Escalation Vulnerability↗2018-10-17

▶