Vulnerability Name: | CVE-2019-1830 (CCN-159577) | ||||||||||||
Assigned: | 2018-12-06 | ||||||||||||
Published: | 2019-04-17 | ||||||||||||
Updated: | 2019-10-09 | ||||||||||||
Summary: | A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. The vulnerability is due to incorrect input validation of the HTTP URL used to establish a connection to the LSC Certificate Authority (CA). An attacker could exploit this vulnerability by authenticating to the targeted device and configuring a LSC certificate. An exploit could allow the attacker to cause a DoS condition due to an unexpected restart of the device. | ||||||||||||
CVSS v3 Severity: | 4.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) 4.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
4.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
| ||||||||||||
Vulnerability Type: | CWE-20 | ||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2019-1830 Source: BID Type: Third Party Advisory, VDB Entry 108028 Source: XF Type: UNKNOWN cisco-cve20191830-dos(159577) Source: CCN Type: Cisco Security Advisory cisco-sa-20190417-wlc-cert-dos Cisco Wireless LAN Controller Locally Significant Certificate Denial of Service Vulnerability Source: CISCO Type: Vendor Advisory 20190417 Cisco Wireless LAN Controller Locally Significant Certificate Denial of Service Vulnerability | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||||||
BACK |