cvelistv5 - CVE-2007-2039

CVE-2007-2039 (GCVE-0-2007-2039)

Vulnerability from cvelistv5 – Published: 2007-04-16 21:00 – Updated: 2024-08-07 13:23

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/1368	vdb-entryx_refsource_VUPEN
	http://www.cisco.com/warp/public/707/cisco-sa-200…	vendor-advisoryx_refsource_CISCO
	http://www.osvdb.org/34137	vdb-entryx_refsource_OSVDB
	http://securitytracker.com/id?1017908	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.osvdb.org/34139	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/23461	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:23:49.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-1368",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1368"
          },
          {
            "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
          },
          {
            "name": "34137",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/34137"
          },
          {
            "name": "1017908",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017908"
          },
          {
            "name": "cisco-wlc-npu-traffic-dos(33609)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
          },
          {
            "name": "34139",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/34139"
          },
          {
            "name": "23461",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23461"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-1368",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1368"
        },
        {
          "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
        },
        {
          "name": "34137",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/34137"
        },
        {
          "name": "1017908",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017908"
        },
        {
          "name": "cisco-wlc-npu-traffic-dos(33609)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
        },
        {
          "name": "34139",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/34139"
        },
        {
          "name": "23461",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23461"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2039",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-1368",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1368"
            },
            {
              "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
            },
            {
              "name": "34137",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/34137"
            },
            {
              "name": "1017908",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017908"
            },
            {
              "name": "cisco-wlc-npu-traffic-dos(33609)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
            },
            {
              "name": "34139",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/34139"
            },
            {
              "name": "23461",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23461"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2039",
    "datePublished": "2007-04-16T21:00:00",
    "dateReserved": "2007-04-16T00:00:00",
    "dateUpdated": "2024-08-07T13:23:49.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.2\", \"versionEndExcluding\": \"3.2.171.5\", \"matchCriteriaId\": \"9A71200B-AF6E-4B81-B204-F6320BD576E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0\", \"versionEndExcluding\": \"4.0.206.0\", \"matchCriteriaId\": \"4FE93BEF-E6EC-45B4-8975-6C0C47964602\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.1\", \"versionEndExcluding\": \"4.1.171.0\", \"matchCriteriaId\": \"20DDC3CF-FB18-4377-A0B8-D060A2F027F6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841.\"}, {\"lang\": \"es\", \"value\": \"La Network Processing Unit (NPU) en el Cisco Wireless LAN Controller (WLC) anterior a 3.2.171.5, 4.0.x anterior a 4.0.206.0, y 4.1.x permite a atacantes remotos en una red local inal\\u00e1mbrica provocar una denegaci\\u00f3n de servicio  (perdida de reenv\\u00edo de paquetes) mediante (1) paquetes SNAP manipulados, (2) tr\\u00e1fico 802.11 manipulado, o (3) paquetes con determinados valores de longitud de cabecera, tambi\\u00e9n conocido como Bug IDs CSCsg15901 y CSCsh10841.\"}]",
      "id": "CVE-2007-2039",
      "lastModified": "2024-11-21T00:29:45.463",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 6.1, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.5, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-04-16T21:19:00.000",
      "references": "[{\"url\": \"http://securitytracker.com/id?1017908\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/34137\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.osvdb.org/34139\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/23461\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1368\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33609\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://securitytracker.com/id?1017908\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/34137\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.osvdb.org/34139\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/23461\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1368\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33609\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2039\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-04-16T21:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841.\"},{\"lang\":\"es\",\"value\":\"La Network Processing Unit (NPU) en el Cisco Wireless LAN Controller (WLC) anterior a 3.2.171.5, 4.0.x anterior a 4.0.206.0, y 4.1.x permite a atacantes remotos en una red local inal\u00e1mbrica provocar una denegaci\u00f3n de servicio  (perdida de reenv\u00edo de paquetes) mediante (1) paquetes SNAP manipulados, (2) tr\u00e1fico 802.11 manipulado, o (3) paquetes con determinados valores de longitud de cabecera, tambi\u00e9n conocido como Bug IDs CSCsg15901 y CSCsh10841.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":6.1,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.2\",\"versionEndExcluding\":\"3.2.171.5\",\"matchCriteriaId\":\"9A71200B-AF6E-4B81-B204-F6320BD576E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndExcluding\":\"4.0.206.0\",\"matchCriteriaId\":\"4FE93BEF-E6EC-45B4-8975-6C0C47964602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1\",\"versionEndExcluding\":\"4.1.171.0\",\"matchCriteriaId\":\"20DDC3CF-FB18-4377-A0B8-D060A2F027F6\"}]}]}],\"references\":[{\"url\":\"http://securitytracker.com/id?1017908\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/34137\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.osvdb.org/34139\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/23461\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1368\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33609\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1017908\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/34137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.osvdb.org/34139\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/23461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

GHSA-GP6R-FMM5-G6JW

Vulnerability from github – Published: 2022-05-01 17:59 – Updated: 2022-05-01 17:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2039"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-04-16T21:19:00Z",
    "severity": "MODERATE"
  },
  "details": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841.",
  "id": "GHSA-gp6r-fmm5-g6jw",
  "modified": "2022-05-01T17:59:23Z",
  "published": "2022-05-01T17:59:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2039"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017908"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/34137"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/34139"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23461"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1368"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-2039

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2039

Aliases

CVE-2007-2039

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2039",
    "description": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841.",
    "id": "GSD-2007-2039"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2039"
      ],
      "details": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841.",
      "id": "GSD-2007-2039",
      "modified": "2023-12-13T01:21:37.518179Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2039",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-1368",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1368"
          },
          {
            "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
          },
          {
            "name": "34137",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/34137"
          },
          {
            "name": "1017908",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017908"
          },
          {
            "name": "cisco-wlc-npu-traffic-dos(33609)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
          },
          {
            "name": "34139",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/34139"
          },
          {
            "name": "23461",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23461"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2.171.5",
                "versionStartIncluding": "3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.171.0",
                "versionStartIncluding": "4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0.206.0",
                "versionStartIncluding": "4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2039"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
            },
            {
              "name": "23461",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/23461"
            },
            {
              "name": "1017908",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1017908"
            },
            {
              "name": "34137",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.osvdb.org/34137"
            },
            {
              "name": "34139",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.osvdb.org/34139"
            },
            {
              "name": "ADV-2007-1368",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1368"
            },
            {
              "name": "cisco-wlc-npu-traffic-dos(33609)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-11-01T16:55Z",
      "publishedDate": "2007-04-16T21:19Z"
    }
  }
}

FKIE_CVE-2007-2039

Vulnerability from fkie_nvd - Published: 2007-04-16 21:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://securitytracker.com/id?1017908	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/34137	Broken Link
cve@mitre.org	http://www.osvdb.org/34139	Broken Link
cve@mitre.org	http://www.securityfocus.com/bid/23461	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1368	Third Party Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33609	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017908	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/34137	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/34139	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23461	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1368	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33609	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
cisco	wireless_lan_controller_software	*
cisco	wireless_lan_controller_software	*
cisco	wireless_lan_controller_software	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A71200B-AF6E-4B81-B204-F6320BD576E1",
              "versionEndExcluding": "3.2.171.5",
              "versionStartIncluding": "3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE93BEF-E6EC-45B4-8975-6C0C47964602",
              "versionEndExcluding": "4.0.206.0",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DDC3CF-FB18-4377-A0B8-D060A2F027F6",
              "versionEndExcluding": "4.1.171.0",
              "versionStartIncluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841."
    },
    {
      "lang": "es",
      "value": "La Network Processing Unit (NPU) en el Cisco Wireless LAN Controller (WLC) anterior a 3.2.171.5, 4.0.x anterior a 4.0.206.0, y 4.1.x permite a atacantes remotos en una red local inal\u00e1mbrica provocar una denegaci\u00f3n de servicio  (perdida de reenv\u00edo de paquetes) mediante (1) paquetes SNAP manipulados, (2) tr\u00e1fico 802.11 manipulado, o (3) paquetes con determinados valores de longitud de cabecera, tambi\u00e9n conocido como Bug IDs CSCsg15901 y CSCsh10841."
    }
  ],
  "id": "CVE-2007-2039",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-16T21:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017908"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/34137"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/34139"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/23461"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1368"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/34137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/34139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/23461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2007-AVI-172

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été identifiées dans deux applications utilisées avec des produits sans-fil Cisco : le Cisco Wireless LAN Controller (WLC) et le Cisco Wireless Control System (WCS). Les conséquences de l'exploitation de celles-ci sont variées, incluant un déni de service du point d'accès, un accès illégitime à la configuration (lecture et écriture), ou une élévation de privilèges.

Description

Cisco Wireless LAN Controller (WLC) est une application qui permet d'administrer les points d'accès Cisco (Aironet), par le biais du protocole LWAPP (pour Lightweight Access Point Protocol. Parmi les vulnérabilités :

les paramètres de connexion SNMP sont les valeurs connues public et private. Cette vulnérabilité permet donc à une personne malveillante distante d'utiliser ces paramètres pour lire et modifier la configuration de WLC via SNMP.
le NPU (Network Processing Unit) de WLC ne manipulerait pas correctement certains paquets (802.11 ou SNAP par exemple), pouvant perturber le fonctionnement du système.
un compte d'administration serait imposé et non modifiable. Une personne malveillante pourrait donc utiliser ce compte, par un accès physique sur un port console, pour prendre le contrôle total du système.
les listes de contrôle d'accès ne sont pas maintenues après le redémarrage du système.

Cisco Wireless Control System (WCS) fournit à d'autres systèmes Cisco un ensemble d'outils de gestion et d'administration. Parmi les vulnérabilités le concernant :

un compte FTP serait non modifiable ni désactivable. Une personne malveillante pourrait ainsi accéder à des fichiers arbitraires hébergeant cette application.
Le système d'authentification permettrait sous certaines conditions à un utilisateur d'élever ses privilèges à ceux de l'administrateur (SuperUsers).
Certaines pages de WCS seraient accessibles sans demande de mot de passe, par tout utilisateur, même non authentifié. Cette vulnérabilité permettrait ainsi de récupérer des informations sur la topologie du réseau, la position des points d'accès, etc.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Catalyst 6500 Series Wireless Service Module (WiSM)
Cisco	N/A	Cisco 2100 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless Control System (WCS) pour les versions antérieures à 4.0.96.0 (incluse) ;
Cisco	N/A	Cisco Aironet 1000 Series
Cisco	N/A	Cisco Aironet 1500 Series
Cisco	N/A	Cisco 4400 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless LAN Controller (WLC) pour les versions antérieures à 4.0 et 3.2 (incluses) ;
Cisco	N/A	Cisco Wireless LAN Controller Module
Cisco	N/A	Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

References

Title

Publication Time

Tags

Avis de sécurité de CISO du 12 avril 2007	None	vendor-advisory
Bulletin de sécurité Cisco ID 82128 du 12 avril 2007 :	-	other
Bulletin de sécurité Cisco ID 82129 du 12 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Catalyst 6500 Series Wireless Service Module (WiSM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 2100 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless Control System (WCS) pour les versions ant\u00e9rieures \u00e0 4.0.96.0 (incluse) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1000 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1500 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 4400 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless LAN Controller (WLC) pour les versions ant\u00e9rieures \u00e0 4.0 et 3.2 (incluses) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wireless LAN Controller Module",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS).\n\nCisco Wireless LAN Controller (WLC) est une application qui permet\nd\u0027administrer les points d\u0027acc\u00e8s Cisco (Aironet), par le biais du\nprotocole LWAPP (pour Lightweight Access Point Protocol. Parmi les\nvuln\u00e9rabilit\u00e9s :\n\n-   les param\u00e8tres de connexion SNMP sont les valeurs connues public et\n    private. Cette vuln\u00e9rabilit\u00e9 permet donc \u00e0 une personne malveillante\n    distante d\u0027utiliser ces param\u00e8tres pour lire et modifier la\n    configuration de WLC via SNMP.\n-   le NPU (Network Processing Unit) de WLC ne manipulerait pas\n    correctement certains paquets (802.11 ou SNAP par exemple), pouvant\n    perturber le fonctionnement du syst\u00e8me.\n-   un compte d\u0027administration serait impos\u00e9 et non modifiable. Une\n    personne malveillante pourrait donc utiliser ce compte, par un acc\u00e8s\n    physique sur un port console, pour prendre le contr\u00f4le total du\n    syst\u00e8me.\n-   les listes de contr\u00f4le d\u0027acc\u00e8s ne sont pas maintenues apr\u00e8s le\n    red\u00e9marrage du syst\u00e8me.\n\nCisco Wireless Control System (WCS) fournit \u00e0 d\u0027autres syst\u00e8mes Cisco un\nensemble d\u0027outils de gestion et d\u0027administration. Parmi les\nvuln\u00e9rabilit\u00e9s le concernant :\n\n-   un compte FTP serait non modifiable ni d\u00e9sactivable. Une personne\n    malveillante pourrait ainsi acc\u00e9der \u00e0 des fichiers arbitraires\n    h\u00e9bergeant cette application.\n-   Le syst\u00e8me d\u0027authentification permettrait sous certaines conditions\n    \u00e0 un utilisateur d\u0027\u00e9lever ses privil\u00e8ges \u00e0 ceux de l\u0027administrateur\n    (SuperUsers).\n-   Certaines pages de WCS seraient accessibles sans demande de mot de\n    passe, par tout utilisateur, m\u00eame non authentifi\u00e9. Cette\n    vuln\u00e9rabilit\u00e9 permettrait ainsi de r\u00e9cup\u00e9rer des informations sur la\n    topologie du r\u00e9seau, la position des points d\u0027acc\u00e8s, etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2038"
    },
    {
      "name": "CVE-2007-2035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2035"
    },
    {
      "name": "CVE-2007-2037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2037"
    },
    {
      "name": "CVE-2007-2041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2041"
    },
    {
      "name": "CVE-2007-2036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2036"
    },
    {
      "name": "CVE-2007-2039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2039"
    },
    {
      "name": "CVE-2007-2032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2032"
    },
    {
      "name": "CVE-2007-2034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2034"
    },
    {
      "name": "CVE-2007-2033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2033"
    },
    {
      "name": "CVE-2007-2040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2040"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82128 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82129 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-172",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-13T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2007-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS). Les\ncons\u00e9quences de l\u0027exploitation de celles-ci sont vari\u00e9es, incluant un\nd\u00e9ni de service du point d\u0027acc\u00e8s, un acc\u00e8s ill\u00e9gitime \u00e0 la configuration\n(lecture et \u00e9criture), ou une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des produits sans-fil Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 de CISO du 12 avril 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-172

Vulnerability from certfr_avis - Published: - Updated:

Description

les paramètres de connexion SNMP sont les valeurs connues public et private. Cette vulnérabilité permet donc à une personne malveillante distante d'utiliser ces paramètres pour lire et modifier la configuration de WLC via SNMP.
le NPU (Network Processing Unit) de WLC ne manipulerait pas correctement certains paquets (802.11 ou SNAP par exemple), pouvant perturber le fonctionnement du système.
un compte d'administration serait imposé et non modifiable. Une personne malveillante pourrait donc utiliser ce compte, par un accès physique sur un port console, pour prendre le contrôle total du système.
les listes de contrôle d'accès ne sont pas maintenues après le redémarrage du système.

Cisco Wireless Control System (WCS) fournit à d'autres systèmes Cisco un ensemble d'outils de gestion et d'administration. Parmi les vulnérabilités le concernant :

un compte FTP serait non modifiable ni désactivable. Une personne malveillante pourrait ainsi accéder à des fichiers arbitraires hébergeant cette application.
Le système d'authentification permettrait sous certaines conditions à un utilisateur d'élever ses privilèges à ceux de l'administrateur (SuperUsers).
Certaines pages de WCS seraient accessibles sans demande de mot de passe, par tout utilisateur, même non authentifié. Cette vulnérabilité permettrait ainsi de récupérer des informations sur la topologie du réseau, la position des points d'accès, etc.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Catalyst 6500 Series Wireless Service Module (WiSM)
Cisco	N/A	Cisco 2100 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless Control System (WCS) pour les versions antérieures à 4.0.96.0 (incluse) ;
Cisco	N/A	Cisco Aironet 1000 Series
Cisco	N/A	Cisco Aironet 1500 Series
Cisco	N/A	Cisco 4400 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless LAN Controller (WLC) pour les versions antérieures à 4.0 et 3.2 (incluses) ;
Cisco	N/A	Cisco Wireless LAN Controller Module
Cisco	N/A	Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

References

Title

Publication Time

Tags

Avis de sécurité de CISO du 12 avril 2007	None	vendor-advisory
Bulletin de sécurité Cisco ID 82128 du 12 avril 2007 :	-	other
Bulletin de sécurité Cisco ID 82129 du 12 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Catalyst 6500 Series Wireless Service Module (WiSM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 2100 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless Control System (WCS) pour les versions ant\u00e9rieures \u00e0 4.0.96.0 (incluse) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1000 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1500 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 4400 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless LAN Controller (WLC) pour les versions ant\u00e9rieures \u00e0 4.0 et 3.2 (incluses) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wireless LAN Controller Module",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS).\n\nCisco Wireless LAN Controller (WLC) est une application qui permet\nd\u0027administrer les points d\u0027acc\u00e8s Cisco (Aironet), par le biais du\nprotocole LWAPP (pour Lightweight Access Point Protocol. Parmi les\nvuln\u00e9rabilit\u00e9s :\n\n-   les param\u00e8tres de connexion SNMP sont les valeurs connues public et\n    private. Cette vuln\u00e9rabilit\u00e9 permet donc \u00e0 une personne malveillante\n    distante d\u0027utiliser ces param\u00e8tres pour lire et modifier la\n    configuration de WLC via SNMP.\n-   le NPU (Network Processing Unit) de WLC ne manipulerait pas\n    correctement certains paquets (802.11 ou SNAP par exemple), pouvant\n    perturber le fonctionnement du syst\u00e8me.\n-   un compte d\u0027administration serait impos\u00e9 et non modifiable. Une\n    personne malveillante pourrait donc utiliser ce compte, par un acc\u00e8s\n    physique sur un port console, pour prendre le contr\u00f4le total du\n    syst\u00e8me.\n-   les listes de contr\u00f4le d\u0027acc\u00e8s ne sont pas maintenues apr\u00e8s le\n    red\u00e9marrage du syst\u00e8me.\n\nCisco Wireless Control System (WCS) fournit \u00e0 d\u0027autres syst\u00e8mes Cisco un\nensemble d\u0027outils de gestion et d\u0027administration. Parmi les\nvuln\u00e9rabilit\u00e9s le concernant :\n\n-   un compte FTP serait non modifiable ni d\u00e9sactivable. Une personne\n    malveillante pourrait ainsi acc\u00e9der \u00e0 des fichiers arbitraires\n    h\u00e9bergeant cette application.\n-   Le syst\u00e8me d\u0027authentification permettrait sous certaines conditions\n    \u00e0 un utilisateur d\u0027\u00e9lever ses privil\u00e8ges \u00e0 ceux de l\u0027administrateur\n    (SuperUsers).\n-   Certaines pages de WCS seraient accessibles sans demande de mot de\n    passe, par tout utilisateur, m\u00eame non authentifi\u00e9. Cette\n    vuln\u00e9rabilit\u00e9 permettrait ainsi de r\u00e9cup\u00e9rer des informations sur la\n    topologie du r\u00e9seau, la position des points d\u0027acc\u00e8s, etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2038"
    },
    {
      "name": "CVE-2007-2035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2035"
    },
    {
      "name": "CVE-2007-2037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2037"
    },
    {
      "name": "CVE-2007-2041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2041"
    },
    {
      "name": "CVE-2007-2036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2036"
    },
    {
      "name": "CVE-2007-2039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2039"
    },
    {
      "name": "CVE-2007-2032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2032"
    },
    {
      "name": "CVE-2007-2034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2034"
    },
    {
      "name": "CVE-2007-2033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2033"
    },
    {
      "name": "CVE-2007-2040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2040"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82128 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82129 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-172",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-13T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2007-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS). Les\ncons\u00e9quences de l\u0027exploitation de celles-ci sont vari\u00e9es, incluant un\nd\u00e9ni de service du point d\u0027acc\u00e8s, un acc\u00e8s ill\u00e9gitime \u00e0 la configuration\n(lecture et \u00e9criture), ou une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des produits sans-fil Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 de CISO du 12 avril 2007",
      "url": null
    }
  ]
}

VAR-200704-0023

Vulnerability from variot - Updated: 2023-12-18 12:23

The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN's ACLs from being installed. An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). Multiple NPU Lock-Up Vulnerabilities +----------------------------- The Network Processing Unit (NPU) is responsible for handling communication in the WLC. One or more NPUs may lock up if certain types of traffic are sent to the affected WLC. These communications include specially crafted SNAP packets, malformed 802.11 communications, and packets with unexpected length values in some headers. Each NPU operates independently, servicing two physical ports on the WLC, and locking one NPU does not affect the other, so the number of NPUs available and device configuration determine whether these vulnerabilities can result in partial or complete inability to forward traffic. If you want to clear the NPU lock, you must restart the WLC. If a lockout prevents access to the management interface, a reboot must be performed through the console port or the service port. These vulnerabilities are documented in Cisco Bug IDs as CSCsg36361, CSCsg15901, and CSCsh10841

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200704-0023",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wireless lan controller software",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1.171.0"
      },
      {
        "model": "wireless lan controller software",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "wireless lan controller software",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "wireless lan controller software",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "wireless lan controller software",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0.206.0"
      },
      {
        "model": "wireless lan controller software",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.171.5"
      },
      {
        "model": "wireless lan controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0.x"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0.206.0"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.1.x"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3.2.116.21"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "wireless lan controller software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.0.155.0"
      },
      {
        "model": "wireless lan controller module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "catalyst series wireless services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "65000"
      },
      {
        "model": "catalyst series integrated wireless lan cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "37500"
      },
      {
        "model": "aironet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1500"
      },
      {
        "model": "aironet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "41000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1400"
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1300"
      },
      {
        "model": "aironet 1240ag",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1200"
      },
      {
        "model": "aironet 1130ag",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1100"
      },
      {
        "model": "aironet 1230ag",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001826"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-281"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2.171.5",
                "versionStartIncluding": "3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.171.0",
                "versionStartIncluding": "4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0.206.0",
                "versionStartIncluding": "4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2039"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-281"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-2039",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2007-2039",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "VHN-25401",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-2039",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200704-281",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25401",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2007-2039",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25401"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-2039"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001826"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-281"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN\u0027s ACLs from being installed. \nAn attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). Multiple NPU Lock-Up Vulnerabilities +----------------------------- The Network Processing Unit (NPU) is responsible for handling communication in the WLC. One or more NPUs may lock up if certain types of traffic are sent to the affected WLC. These communications include specially crafted SNAP packets, malformed 802.11 communications, and packets with unexpected length values \u200b\u200bin some headers. Each NPU operates independently, servicing two physical ports on the WLC, and locking one NPU does not affect the other, so the number of NPUs available and device configuration determine whether these vulnerabilities can result in partial or complete inability to forward traffic. If you want to clear the NPU lock, you must restart the WLC. If a lockout prevents access to the management interface, a reboot must be performed through the console port or the service port. These vulnerabilities are documented in Cisco Bug IDs as CSCsg36361, CSCsg15901, and CSCsh10841",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2039"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001826"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25401"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-2039"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-2039",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "23461",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1017908",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "34137",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "34139",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1368",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001826",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-281",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20070412 MULTIPLE VULNERABILITIES IN THE CISCO WIRELESS LAN CONTROLLER AND CISCO LIGHTWEIGHT ACCESS POINTS",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "33609",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-25401",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-2039",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25401"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-2039"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001826"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-281"
      }
    ]
  },
  "id": "VAR-200704-0023",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25401"
      }
    ],
    "trust": 0.66881315
  },
  "last_update_date": "2023-12-18T12:23:39.192000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20070412-wlc",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20070412-wlc"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001826"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25401"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2039"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/23461"
      },
      {
        "trust": 1.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/34137"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/34139"
      },
      {
        "trust": 1.8,
        "url": "http://securitytracker.com/id?1017908"
      },
      {
        "trust": 1.2,
        "url": "http://www.vupen.com/english/advisories/2007/1368"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2039"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2039"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/33609"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/1368"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/465506"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a008081e189.shtml"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=13047"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25401"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-2039"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001826"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-281"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-25401"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-2039"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001826"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-281"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-04-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25401"
      },
      {
        "date": "2007-04-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2007-2039"
      },
      {
        "date": "2007-04-12T00:00:00",
        "db": "BID",
        "id": "23461"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001826"
      },
      {
        "date": "2007-04-16T21:19:00",
        "db": "NVD",
        "id": "CVE-2007-2039"
      },
      {
        "date": "2007-04-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200704-281"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25401"
      },
      {
        "date": "2018-11-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2007-2039"
      },
      {
        "date": "2016-07-06T14:39:00",
        "db": "BID",
        "id": "23461"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001826"
      },
      {
        "date": "2018-11-01T16:55:29.147000",
        "db": "NVD",
        "id": "CVE-2007-2039"
      },
      {
        "date": "2007-04-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200704-281"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-281"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco WLC of NPU Denial of service in Japan  (DoS) Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001826"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-281"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2039 (GCVE-0-2007-2039)

GHSA-GP6R-FMM5-G6JW

GSD-2007-2039

FKIE_CVE-2007-2039

CERTA-2007-AVI-172

Description

Solution

CERTA-2007-AVI-172

Description

Solution

VAR-200704-0023

Tags

Sightings

Nomenclature