CVE-2018-0245
moderate-risk
Published 2018-05-02
A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the REST API URL request. An attacker could exploit this vulnerability by sending a malicious URL to the REST API. If successful, an exploit could allow the attacker to view sensitive system information. Cisco Bug IDs: CSCvg89442.
Do I need to act?
0.50% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.3/10
Medium
NETWORK / LOW complexity
Affected Products (2)
Affected Vendors
References (6)
Third Party Advisory
http://www.securityfocus.com/bid/104123
Third Party Advisory
http://www.securitytracker.com/id/1040823
30 / 100
moderate-risk
Severity
21/34 · High
Exploitability
2/34 · Minimal
Exposure
7/34 · Low