Vulnerability Name:

CVE-2019-1830 (CCN-159577)

Assigned:2018-12-06
Published:2019-04-17
Updated:2019-10-09
Summary:A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. The vulnerability is due to incorrect input validation of the HTTP URL used to establish a connection to the LSC Certificate Authority (CA). An attacker could exploit this vulnerability by authenticating to the targeted device and configuring a LSC certificate. An exploit could allow the attacker to cause a DoS condition due to an unexpected restart of the device.
CVSS v3 Severity:4.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
4.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
4.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
4.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2019-1830

Source: BID
Type: Third Party Advisory, VDB Entry
108028

Source: XF
Type: UNKNOWN
cisco-cve20191830-dos(159577)

Source: CCN
Type: Cisco Security Advisory cisco-sa-20190417-wlc-cert-dos
Cisco Wireless LAN Controller Locally Significant Certificate Denial of Service Vulnerability

Source: CISCO
Type: Vendor Advisory
20190417 Cisco Wireless LAN Controller Locally Significant Certificate Denial of Service Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:* (Version < 8.3.150.0)
  • OR cpe:/a:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:* (Version >= 8.5.131.0 and < 8.5.140.0)
  • OR cpe:/a:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:* (Version >= 8.6.101.0 and < 8.8.100.0)

  • Configuration CCN 1:
  • cpe:/o:cisco:wireless_lan_controller_software:7.4.1.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    cisco wireless lan controller software *
    cisco wireless lan controller software *
    cisco wireless lan controller software *
    cisco wireless lan controller software 7.4.1.1