CVE-2019-1830

A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. The vulnerability is due to incorrect input validation of the HTTP URL used to establish a connection to the LSC Certificate Authority (CA). An attacker could exploit this vulnerability by authenticating to the targeted device and configuring a LSC certificate. An exploit could allow the attacker to cause a DoS condition due to an unexpected restart of the device.

Published: Apr 18, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-1830
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:L/Au:S/C:N/I:N/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
cisco / wireless_lan_controller_software	8.5.131.0	8.5.140.0
cisco / wireless_lan_controller_software	-	8.3.150.0
cisco / wireless_lan_controller_software	8.6.101.0	8.8.100.0

Vulnerability Database

289,697

CVE-2019-1830