Detections
Analytics
Cisco Wireless LAN Controller Locally Significant Certificate Denial of Service Vulnerability
medium Nessus Plugin ID 124334
Language:
Synopsis
The remote device is missing a vendor-supplied security patchDescription
According to its self-reported version, Cisco Wireless LAN Controller (WLC) is affected by following vulnerability- A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials.The vulnerability is due to incorrect input validation of the HTTP URL used to establish a connection to the LSC Certificate Authority (CA). An attacker could exploit this vulnerability by authenticating to the targeted device and configuring a LSC certificate. An exploit could allow the attacker to cause a DoS condition due to an unexpected restart of the device. (CVE-2019-1830)
Please see the included Cisco BIDs and Cisco Security Advisory for more information
Solution
Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvj07995See Also
Plugin Details
Severity: Medium
ID: 124334
File Name: cisco-sa-20190417-wlc-cert-dos.nasl
Version: 1.7
Type: local
Family: CISCO
Published: 4/26/2019
Updated: 8/20/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C
CVSS Score Source: CVE-2019-1830
CVSS v3
Risk Factor: Medium
Base Score: 4.9
Temporal Score: 4.3
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Required KB Items: Host/Cisco/WLC/Version, Host/Cisco/WLC/Port
Exploit Ease: No known exploits are available
Patch Publication Date: 4/17/2019
Vulnerability Publication Date: 4/17/2019
Reference Information
CVE: CVE-2019-1830
BID: 108028