CVE-2019-15266

CWE-22Path Traversal4 documents4 sources
Severity
4.4MEDIUM
EPSS
0.1%
top 74.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Wireless LAN Controller (wlc)Cisco Wireless LAN Controller Software
Timeline
PublishedOct 16
Latest updateMay 24

Description

A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files that may

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_wireless_lan_controller_(wlc)unspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-cj7m-xpw7-hcp8: A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that shou2022-05-24
CVEList
Cisco Wireless LAN Controller Path Traversal Vulnerability2019-10-16

📋Vendor Advisories

1
Cisco
Cisco Wireless LAN Controller Path Traversal Vulnerability2019-10-16
CVE-2019-15266 (MEDIUM CVSS 4.4) | A vulnerability in the CLI of Cisco | cvebase.io