CVE-2018-0417
HIGHCisco Wireless LAN Controller Software - Authenticated Privilege Escalation via TACACS Attribute Parsing
Title source: llmDescription
A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041924
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105667
Scores
CVSS v3
7.8
EPSS
0.0316
EPSS Percentile
86.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-264
Status
published
Products (3)
cisco/wireless_lan_controller
8.4 - 8.5.131.0
cisco/wireless_lan_controller_software
8.7\(1.115\)
cisco/wireless_lan_controller_software
< 8.2.170.0
Published
Oct 17, 2018
Tracked Since
Feb 18, 2026