Details of VAR-201805-0492

ID

VAR-201805-0492

CVE

CVE-2018-0247

TITLE

Cisco Wireless LAN Controller and Aironet Access Point Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004899

DESCRIPTION

A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An attacker could exploit this vulnerability by sending traffic to local network resources without having gone through authentication. A successful exploit could allow the attacker to bypass authentication and pass traffic. This affects Cisco Aironet Access Points running Cisco IOS Software and Cisco Wireless LAN Controller (WLC) releases prior to 8.5.110.0 for the following specific WLC configuration only: (1) The Access Point (AP) is configured in FlexConnect Mode with NAT. (2) The WLAN is configured for central switching, meaning the client is being assigned a unique IP address. (3) The AP is configured with a Split Tunnel access control list (ACL) for access to local network resources, meaning the AP is doing the NAT on the connection. (4) The client is using WebAuth. This vulnerability does not apply to .1x clients in the same configuration. Cisco Bug IDs: CSCvc79502, CSCvf71789. Vendors have confirmed this vulnerability Bug ID CSCvc79502 and CSCvf71789 It is released as.Information may be tampered with. IOSSoftware is a set of operating systems running on it. The product provides security policy, intrusion detection and other functions in the wireless LAN. WebAuthentication (WebAuth) is one of the web authentication client programs. An authorization issue vulnerability exists in the CiscoAuthoAccessPoints IOSSoftware and Cisco WirelessLANController prior to 8.5.10.0 for the WebAuth client, which was caused by the program failing to authenticate. This may lead to further attacks

Trust: 2.52

sources: NVD: CVE-2018-0247 // JVNDB: JVNDB-2018-004899 // CNVD: CNVD-2018-09243 // BID: 104087 // VULHUB: VHN-118449

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-09243

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.3\(104.105\)	Trust: 1.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.3\(104.105\)	Trust: 1.6
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.5\(107.52\)	Trust: 1.6
vendor:	cisco	model:	ios software	scope:	eq	version:	0	Trust: 0.9
vendor:	cisco	model:	aironet access point software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wireless lan controller software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet access points	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	wireless lan controllers	scope:	lt	version:	8.5.110.0	Trust: 0.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	5.2.1570	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	5.1.1600	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	5.1.1520	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	5.1.1510	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	5.0.1482	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	5.0.1480	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.2.1820	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.2.1760	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.2.1740	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.2.1730	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.2.1300	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.2.1170	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.2.1120	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.2.990	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.2.610	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.1.1850	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.1.1810	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.1.1710	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.0.2190	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.0.2170	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.0.2060	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.0.196	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.0.1798	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.0.17911	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.0.1555	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.0.1550	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.0.108	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.2.19510	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.2.1935	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.2.1850	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.2.1716	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.2.1715	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.2.1506	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.2.15010	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.2.11621	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.2.780	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.1.1110	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.1.1050	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.1.5924	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	aironet access points	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	ne	version:	8.5.110.0	Trust: 0.3

sources: CNVD: CNVD-2018-09243 // BID: 104087 // JVNDB: JVNDB-2018-004899 // CNNVD: CNNVD-201805-087 // NVD: CVE-2018-0247

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0247
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0247
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-09243
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201805-087
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118449
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-0247
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-09243
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118449
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0247
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-09243 // VULHUB: VHN-118449 // JVNDB: JVNDB-2018-004899 // CNNVD: CNNVD-201805-087 // NVD: CVE-2018-0247

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-118449 // JVNDB: JVNDB-2018-004899 // NVD: CVE-2018-0247

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201805-087

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201805-087

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004899

PATCH

title:	cisco-sa-20180502-aironet-auth	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-auth	Trust: 0.8
title:	Multiple Cisco product certification bypassing vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/128543	Trust: 0.6
title:	Cisco Wireless LAN Controller and Aironet Access Points Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79823	Trust: 0.6

sources: CNVD: CNVD-2018-09243 // JVNDB: JVNDB-2018-004899 // CNNVD: CNNVD-201805-087

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0247	Trust: 3.4
db:	BID	id:	104087	Trust: 2.6
db:	SECTRACK	id:	1040814	Trust: 2.3
db:	SECTRACK	id:	1040815	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-004899	Trust: 0.8
db:	CNVD	id:	CNVD-2018-09243	Trust: 0.6
db:	CNNVD	id:	CNNVD-201805-087	Trust: 0.6
db:	VULHUB	id:	VHN-118449	Trust: 0.1

sources: CNVD: CNVD-2018-09243 // VULHUB: VHN-118449 // BID: 104087 // JVNDB: JVNDB-2018-004899 // CNNVD: CNNVD-201805-087 // NVD: CVE-2018-0247

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-aironet-auth	Trust: 2.0
url:	http://www.securityfocus.com/bid/104087	Trust: 1.7
url:	http://www.securitytracker.com/id/1040814	Trust: 1.7
url:	http://www.securitytracker.com/id/1040815	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0247	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0247	Trust: 0.8
url:	https://securitytracker.com/id/1040814	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2018-09243 // VULHUB: VHN-118449 // BID: 104087 // JVNDB: JVNDB-2018-004899 // CNNVD: CNNVD-201805-087 // NVD: CVE-2018-0247

CREDITS

Cisco

Trust: 0.3

sources: BID: 104087

SOURCES

db:	CNVD	id:	CNVD-2018-09243
db:	VULHUB	id:	VHN-118449
db:	BID	id:	104087
db:	JVNDB	id:	JVNDB-2018-004899
db:	CNNVD	id:	CNNVD-201805-087
db:	NVD	id:	CVE-2018-0247

LAST UPDATE DATE

2024-11-23T22:58:59.552000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-09243	date:	2018-05-10T00:00:00
db:	VULHUB	id:	VHN-118449	date:	2019-10-09T00:00:00
db:	BID	id:	104087	date:	2018-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-004899	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-087	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0247	date:	2024-11-21T03:37:48.563

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-09243	date:	2018-05-10T00:00:00
db:	VULHUB	id:	VHN-118449	date:	2018-05-02T00:00:00
db:	BID	id:	104087	date:	2018-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-004899	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-087	date:	2018-05-02T00:00:00
db:	NVD	id:	CVE-2018-0247	date:	2018-05-02T22:29:00.513