CVE-2018-0416

CVE Database · CVE-2018-0416

CVE-2018-0416

· N/AModified

CVSS v3.1

N/A

EPSS

2.51%

Published

Oct 17, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the web-based interface URL request. An attacker could exploit this vulnerability by requesting specific URLs via the web-based interface. A successful exploit could allow the attacker to view sensitive system information.

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (2)

cisco · wireless_lan_controller_softwarevulnerable

References (6)

http://www.securityfocus.com/bid/105675

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041928

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-id

Vendor Advisory

http://www.securityfocus.com/bid/105675

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041928

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-id

KEV Catalog EPSS Scores Vendors All CVEs