CVE-2018-0382

Description

A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not properly clear previously assigned session identifiers for a user session when a user authenticates to the web-based interface. An attacker could exploit this vulnerability by using an existing session identifier to connect to the software through the web-based interface. Successful exploitation could allow the attacker to hijack an authenticated users browser session on the system. Versions 8.1 and 8.5 are affected.

Risk Information

Base Score

7.5

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Score

Exploitation Probability

0.697

Associated Vulnerability

Vulnerability	OS Platform
Cisco Wireless LAN Controller Software Session Hijacking Vulnerability For Cisco Virtual Wireless Controller	NCM
Improper Authentication Vulnerability (CVE-2018-0382)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1705937	Security Update for Cisco Virtual Wireless Controller 8.3(15.155)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234