CVE-2018-0442 HIGH

CVE-2018-0442: Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability

Vendor Cisco
Product Cisco Wireless LAN Controller (WLC)
Weakness CWE-200 · Info exposure
Published October 17, 2018
Last update November 26, 2024
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles CAPWAP keepalive requests. An attacker could exploit this vulnerability by sending a crafted CAPWAP keepalive packet to a vulnerable Cisco WLC device. A successful exploit could allow the attacker to retrieve the contents of device memory, which could lead to the disclosure of confidential information.

Key dates

02Disclosure timeline

October 17, 2018 CVE published
November 26, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-31280 Exposure of Sensitive Information to an Unauthorized Actor CVE-2026-40908 WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes Developer Emails and Deployed Version CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server Could Leak Sensitive Information CVE-2025-59427 Cloudflare vite plugin exposes secrets over the built-in dev server CVE-2026-40895 follow-redirects: Custom Authentication Headers Leaked to Cross-Domain Redirect Targets