CVE-2018-0420
PUBLISHED
CVSS 6.5 MEDIUM
A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the targeted device, which may contain sensitive information.
EPSS 2.75% · 86.3rd percentile
Risk Scores
CVSS 3.0: 6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | wireless_lan_controller_software | 8.2(151.0) |
| Cisco | Cisco Wireless LAN Controller (WLC) | n/a |
Exploit Intelligence
- 105671 (circl)
- 20181017 Cisco Wireless LAN Controller Software Directory Traversal Vulnerability (circl)
- 1041926 (circl)
Timeline
- Oct 17, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score