CVE-2019-1830

MEDIUM

Cisco Wireless LAN Controller Software < 8.3.150.0 - Authenticated Denial of Service via LSC Certificate HTTP URL


Description

A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. The vulnerability is due to incorrect input validation of the HTTP URL used to establish a connection to the LSC Certificate Authority (CA). An attacker could exploit this vulnerability by authenticating to the targeted device and configuring an LSC certificate. An exploit could allow the attacker to cause a DoS condition due to an unexpected restart of the device.

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108028

Scores

CVSS v3 4.9
EPSS 0.0123
EPSS Percentile 65.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (1)
cisco/wireless_lan_controller_software < 8.3.150.0
Published Apr 18, 2019
Tracked Since Feb 18, 2026