CVE-2019-1830
Last modified
CVE-2019-1830 is a vulnerability of currently unknown severity. A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. EPSS estimates a 1.23% chance of exploitation in the next 30 days.
Description
A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. The vulnerability is due to incorrect input validation of the HTTP URL used to establish a connection to the LSC Certificate Authority (CA). An attacker could exploit this vulnerability by authenticating to the targeted device and configuring a LSC certificate. An exploit could allow the attacker to cause a DoS condition due to an unexpected restart of the device.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Wireless Lan Controller Software | < 8.3.150.0 |
| Cisco | Wireless Lan Controller Software | >= 8.5.131.0, < 8.5.140.0 |
| Cisco | Wireless Lan Controller Software | >= 8.6.101.0, < 8.8.100.0 |
References
- http://www.securityfocus.com/bid/108028Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/108028Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-1830?
How severe is CVE-2019-1830?
How do I fix CVE-2019-1830?
Are you affected by CVE-2019-1830?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST