Cisco Wireless LAN Controller Multiple Vulnerabilities
High Nessus Plugin ID 118461
The remote device is missing a vendor-supplied security patch.
According to its self-reported version, the Cisco Wireless LAN Controller (WLC) is affected by the following vulnerabilities:

- A privilege escalation vulnerability due to improper parsing of a specific TACACS attribute. A remote attacker, authenticating to TACACS via the GUI, could create a local account with administrative privileges. (CVE-2018-0417)
- A denial of service vulnerability due to flaws with specific timer mechanisms. A remote attacker could potentially cause the timer to crash, resulting in a DoS condition. (CVE-2018-0441)
- An information disclosure vulnerability due to insufficient checks when handling Control and Provisioning of Wireless Access Points (CAPWAP) keepalive requests. A remote attacker, with a specially crafted CAPWAP keepalive packet, could potentially read the device's memory. (CVE-2018-0442)
- A denial of service vulnerability due to improper validation of CAPWAP discovery request packets. A remote attacker could potentially disconnect associated APs, resulting in a DoS condition. (CVE-2018-0443)

Please see the included Cisco BIDs and the Cisco Security Advisory for more information.
Upgrade to the relevant fixed version referenced in Cisco bug ID(s) CSCvf66680, CSCvh65876, CSCve64652, and CSCvf66696.