First published: Thu Apr 18 2019(Updated: )
A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. The vulnerability is due to incorrect input validation of the HTTP URL used to establish a connection to the LSC Certificate Authority (CA). An attacker could exploit this vulnerability by authenticating to the targeted device and configuring a LSC certificate. An exploit could allow the attacker to cause a DoS condition due to an unexpected restart of the device.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Wireless LAN Controller Software | <8.3.150.0 | |
Cisco Wireless LAN Controller Software | >=8.5.131.0<8.5.140.0 | |
Cisco Wireless LAN Controller Software | >=8.6.101.0<8.8.100.0 | |
<8.3.150.0 | ||
>=8.5.131.0<8.5.140.0 | ||
>=8.6.101.0<8.8.100.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-1830 is a vulnerability in the Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.
CVE-2019-1830 affects Cisco Wireless LAN Controller software versions 8.3.150.0 to 8.8.100.0.
CVE-2019-1830 has a severity rating of 4.9 (medium).
An attacker with valid credentials can exploit CVE-2019-1830 by causing the affected Cisco Wireless LAN Controller to unexpectedly restart, leading to a denial of service (DoS) condition.
Yes, Cisco has released security advisories with fixes for CVE-2019-1830. It is recommended to update to a fixed version of Cisco Wireless LAN Controller software.