Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-1797— Cisco Wireless LAN Controller Software Cross-Site Request Forgery Vulnerability

EPSS 0.19% · P40
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-1797

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco Wireless LAN Controller Software Cross-Site Request Forgery Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on the device with the privileges of the user, including modifying the device configuration. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an interface user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the user. Software versions prior to 8.3.150.0, 8.5.135.0, and 8.8.100.0 are affected.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Wireless LAN Controller(WLC)Software 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Wireless LAN Controller(WLC)Software是美国思科(Cisco)公司的一套用于配置和管理WLC(无线局域网控制器)的软件。 Cisco WLC Software中基于Web的管理界面存在跨站请求伪造漏洞,该漏洞源于WEB应用未充分验证请求是否来自可信用户。攻击者可利用该漏洞通过受影响客户端向服务器发送非预期的请求。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CiscoCisco Wireless LAN Controller (WLC) unspecified ~ 8.3.150.0 -

II. Public POCs for CVE-2019-1797

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-1797

登录查看更多情报信息。

Same Patch Batch · Cisco · 2019-04-18 · 23 CVEs total

CVE-2019-1800Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabili
CVE-2019-1719Cisco Identity Services Engine Cross-Site Scripting Vulnerability
CVE-2019-1722Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Reque
CVE-2019-1721Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Servic
CVE-2019-1720Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Servic
CVE-2019-1777Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability
CVE-2019-1725Cisco UCS B-Series Blade Servers Local Management CLI Arbitrary File Creation or CLI Param
CVE-2019-1792Cisco Umbrella Cross-Site Scripting Vulnerability
CVE-2019-1794Cisco Directory Connector Search Order Hijacking Vulnerability
CVE-2019-1799Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabili
CVE-2019-1796Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabili
CVE-2019-1841Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability
CVE-2019-1805Cisco Wireless LAN Controller Secure Shell Unauthorized Access Vulnerability
CVE-2019-1802Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
CVE-2019-1830Cisco Wireless LAN Controller Locally Significant Certificate Denial of Service Vulnerabil
CVE-2019-1829Cisco Aironet Series Access Points Command Injection Vulnerability
CVE-2019-1826Cisco Aironet Series Access Points Quality of Service Denial of Service Vulnerability
CVE-2019-1835Cisco Aironet Series Access Points Directory Traversal Vulnerability
CVE-2019-1834Cisco Aironet Series Access Points Denial of Service Vulnerability
CVE-2019-1831Cisco Email Security Appliance Content Filter Bypass Vulnerability

Showing top 20 of 23 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Cisco Wireless LAN Controller (WLC)
Same vendor: Cisco
Same weakness: CWE-352

V. Comments for CVE-2019-1797

No comments yet

Leave a comment