Executive Summary

Informations
NameCVE-2018-0382First vendor Publication2019-04-17
VendorCveLast vendor Modification2019-04-19

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not properly clear previously assigned session identifiers for a user session when a user authenticates to the web-based interface. An attacker could exploit this vulnerability by using an existing session identifier to connect to the software through the web-based interface. Successful exploitation could allow the attacker to hijack an authenticated user's browser session on the system. Versions 8.1 and 8.5 are affected.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0382

CWE : Common Weakness Enumeration

%idName
100 %CWE-287Improper Authentication

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/108005
CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2019-04-19 21:19:26
  • Multiple Updates
2019-04-19 13:19:03
  • Multiple Updates
2019-04-18 05:18:44
  • First insertion