cvelistv5 - cve-2007-2032

CVE-2007-2032 (GCVE-0-2007-2032)

Vulnerability from cvelistv5 – Published: 2007-04-16 21:00 – Updated: 2024-08-07 13:23

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.cisco.com/warp/public/707/cisco-sa-200…	vendor-advisoryx_refsource_CISCO
	http://www.vupen.com/english/advisories/2007/1367	vdb-entryx_refsource_VUPEN
	http://securitytracker.com/id?1017907	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/23460	vdb-entryx_refsource_BID
	http://secunia.com/advisories/24865	third-party-advisoryx_refsource_SECUNIA
	http://www.osvdb.org/34132	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:23:49.119Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless Control System",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
          },
          {
            "name": "ADV-2007-1367",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1367"
          },
          {
            "name": "1017907",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017907"
          },
          {
            "name": "23460",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23460"
          },
          {
            "name": "24865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24865"
          },
          {
            "name": "34132",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/34132"
          },
          {
            "name": "cisco-wcs-ftp-unauthorized-access(33614)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33614"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to \"properties of the FTP server,\" aka Bug ID CSCse93014."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless Control System",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
        },
        {
          "name": "ADV-2007-1367",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1367"
        },
        {
          "name": "1017907",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017907"
        },
        {
          "name": "23460",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23460"
        },
        {
          "name": "24865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24865"
        },
        {
          "name": "34132",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/34132"
        },
        {
          "name": "cisco-wcs-ftp-unauthorized-access(33614)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33614"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2032",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to \"properties of the FTP server,\" aka Bug ID CSCse93014."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless Control System",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
            },
            {
              "name": "ADV-2007-1367",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1367"
            },
            {
              "name": "1017907",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017907"
            },
            {
              "name": "23460",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23460"
            },
            {
              "name": "24865",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24865"
            },
            {
              "name": "34132",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/34132"
            },
            {
              "name": "cisco-wcs-ftp-unauthorized-access(33614)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33614"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2032",
    "datePublished": "2007-04-16T21:00:00",
    "dateReserved": "2007-04-16T00:00:00",
    "dateUpdated": "2024-08-07T13:23:49.119Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:wireless_control_system:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFF3680D-50CB-4854-84B8-34129DDB2A2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:wireless_control_system:4.0.95:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61A3F299-4388-4940-8046-2E58CF0A7B60\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to \\\"properties of the FTP server,\\\" aka Bug ID CSCse93014.\"}, {\"lang\": \"es\", \"value\": \"Cisco Wireless Control System (WCS) anterior a 4.0.96.0 tiene el nombre de usuario y la contrase\\u00f1a fija en el c\\u00f3digo para operaciones de backup, lo cual permite a atacantes remotos leer y modificar archivos de su elecci\\u00f3n mediante vectores no especificados relacionados con \\\"propiedades del servidor FTP\\\", tambi\\u00e9n conocido como Bug ID CSCse93014.\"}]",
      "id": "CVE-2007-2032",
      "lastModified": "2024-11-21T00:29:44.457",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2007-04-16T21:19:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/24865\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017907\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.osvdb.org/34132\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/23460\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1367\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33614\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/24865\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017907\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.osvdb.org/34132\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/23460\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1367\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33614\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2032\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-04-16T21:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to \\\"properties of the FTP server,\\\" aka Bug ID CSCse93014.\"},{\"lang\":\"es\",\"value\":\"Cisco Wireless Control System (WCS) anterior a 4.0.96.0 tiene el nombre de usuario y la contrase\u00f1a fija en el c\u00f3digo para operaciones de backup, lo cual permite a atacantes remotos leer y modificar archivos de su elecci\u00f3n mediante vectores no especificados relacionados con \\\"propiedades del servidor FTP\\\", tambi\u00e9n conocido como Bug ID CSCse93014.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:wireless_control_system:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFF3680D-50CB-4854-84B8-34129DDB2A2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:wireless_control_system:4.0.95:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61A3F299-4388-4940-8046-2E58CF0A7B60\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/24865\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017907\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/34132\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23460\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1367\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33614\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017907\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/34132\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33614\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-3737-4GJF-CP7R

Vulnerability from github – Published: 2022-05-01 17:59 – Updated: 2022-05-01 17:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2032"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-04-16T21:19:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to \"properties of the FTP server,\" aka Bug ID CSCse93014.",
  "id": "GHSA-3737-4gjf-cp7r",
  "modified": "2022-05-01T17:59:22Z",
  "published": "2022-05-01T17:59:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2032"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33614"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24865"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017907"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/34132"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23460"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1367"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-2032

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2032

Aliases

CVE-2007-2032

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2032",
    "description": "Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to \"properties of the FTP server,\" aka Bug ID CSCse93014.",
    "id": "GSD-2007-2032"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2032"
      ],
      "details": "Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to \"properties of the FTP server,\" aka Bug ID CSCse93014.",
      "id": "GSD-2007-2032",
      "modified": "2023-12-13T01:21:37.675924Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2032",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to \"properties of the FTP server,\" aka Bug ID CSCse93014."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless Control System",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
          },
          {
            "name": "ADV-2007-1367",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1367"
          },
          {
            "name": "1017907",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017907"
          },
          {
            "name": "23460",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23460"
          },
          {
            "name": "24865",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24865"
          },
          {
            "name": "34132",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/34132"
          },
          {
            "name": "cisco-wcs-ftp-unauthorized-access(33614)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33614"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:wireless_control_system:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:wireless_control_system:4.0.95:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2032"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to \"properties of the FTP server,\" aka Bug ID CSCse93014."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless Control System",
              "refsource": "CISCO",
              "tags": [
                "Patch"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
            },
            {
              "name": "23460",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/23460"
            },
            {
              "name": "1017907",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017907"
            },
            {
              "name": "24865",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/24865"
            },
            {
              "name": "34132",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/34132"
            },
            {
              "name": "ADV-2007-1367",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1367"
            },
            {
              "name": "cisco-wcs-ftp-unauthorized-access(33614)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33614"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:31Z",
      "publishedDate": "2007-04-16T21:19Z"
    }
  }
}

CERTA-2007-AVI-172

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été identifiées dans deux applications utilisées avec des produits sans-fil Cisco : le Cisco Wireless LAN Controller (WLC) et le Cisco Wireless Control System (WCS). Les conséquences de l'exploitation de celles-ci sont variées, incluant un déni de service du point d'accès, un accès illégitime à la configuration (lecture et écriture), ou une élévation de privilèges.

Description

Cisco Wireless LAN Controller (WLC) est une application qui permet d'administrer les points d'accès Cisco (Aironet), par le biais du protocole LWAPP (pour Lightweight Access Point Protocol. Parmi les vulnérabilités :

les paramètres de connexion SNMP sont les valeurs connues public et private. Cette vulnérabilité permet donc à une personne malveillante distante d'utiliser ces paramètres pour lire et modifier la configuration de WLC via SNMP.
le NPU (Network Processing Unit) de WLC ne manipulerait pas correctement certains paquets (802.11 ou SNAP par exemple), pouvant perturber le fonctionnement du système.
un compte d'administration serait imposé et non modifiable. Une personne malveillante pourrait donc utiliser ce compte, par un accès physique sur un port console, pour prendre le contrôle total du système.
les listes de contrôle d'accès ne sont pas maintenues après le redémarrage du système.

Cisco Wireless Control System (WCS) fournit à d'autres systèmes Cisco un ensemble d'outils de gestion et d'administration. Parmi les vulnérabilités le concernant :

un compte FTP serait non modifiable ni désactivable. Une personne malveillante pourrait ainsi accéder à des fichiers arbitraires hébergeant cette application.
Le système d'authentification permettrait sous certaines conditions à un utilisateur d'élever ses privilèges à ceux de l'administrateur (SuperUsers).
Certaines pages de WCS seraient accessibles sans demande de mot de passe, par tout utilisateur, même non authentifié. Cette vulnérabilité permettrait ainsi de récupérer des informations sur la topologie du réseau, la position des points d'accès, etc.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Catalyst 6500 Series Wireless Service Module (WiSM)
Cisco	N/A	Cisco 2100 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless Control System (WCS) pour les versions antérieures à 4.0.96.0 (incluse) ;
Cisco	N/A	Cisco Aironet 1000 Series
Cisco	N/A	Cisco Aironet 1500 Series
Cisco	N/A	Cisco 4400 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless LAN Controller (WLC) pour les versions antérieures à 4.0 et 3.2 (incluses) ;
Cisco	N/A	Cisco Wireless LAN Controller Module
Cisco	N/A	Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

References

Title

Publication Time

Tags

Avis de sécurité de CISO du 12 avril 2007	None	vendor-advisory
Bulletin de sécurité Cisco ID 82128 du 12 avril 2007 :	-	other
Bulletin de sécurité Cisco ID 82129 du 12 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Catalyst 6500 Series Wireless Service Module (WiSM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 2100 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless Control System (WCS) pour les versions ant\u00e9rieures \u00e0 4.0.96.0 (incluse) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1000 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1500 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 4400 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless LAN Controller (WLC) pour les versions ant\u00e9rieures \u00e0 4.0 et 3.2 (incluses) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wireless LAN Controller Module",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS).\n\nCisco Wireless LAN Controller (WLC) est une application qui permet\nd\u0027administrer les points d\u0027acc\u00e8s Cisco (Aironet), par le biais du\nprotocole LWAPP (pour Lightweight Access Point Protocol. Parmi les\nvuln\u00e9rabilit\u00e9s :\n\n-   les param\u00e8tres de connexion SNMP sont les valeurs connues public et\n    private. Cette vuln\u00e9rabilit\u00e9 permet donc \u00e0 une personne malveillante\n    distante d\u0027utiliser ces param\u00e8tres pour lire et modifier la\n    configuration de WLC via SNMP.\n-   le NPU (Network Processing Unit) de WLC ne manipulerait pas\n    correctement certains paquets (802.11 ou SNAP par exemple), pouvant\n    perturber le fonctionnement du syst\u00e8me.\n-   un compte d\u0027administration serait impos\u00e9 et non modifiable. Une\n    personne malveillante pourrait donc utiliser ce compte, par un acc\u00e8s\n    physique sur un port console, pour prendre le contr\u00f4le total du\n    syst\u00e8me.\n-   les listes de contr\u00f4le d\u0027acc\u00e8s ne sont pas maintenues apr\u00e8s le\n    red\u00e9marrage du syst\u00e8me.\n\nCisco Wireless Control System (WCS) fournit \u00e0 d\u0027autres syst\u00e8mes Cisco un\nensemble d\u0027outils de gestion et d\u0027administration. Parmi les\nvuln\u00e9rabilit\u00e9s le concernant :\n\n-   un compte FTP serait non modifiable ni d\u00e9sactivable. Une personne\n    malveillante pourrait ainsi acc\u00e9der \u00e0 des fichiers arbitraires\n    h\u00e9bergeant cette application.\n-   Le syst\u00e8me d\u0027authentification permettrait sous certaines conditions\n    \u00e0 un utilisateur d\u0027\u00e9lever ses privil\u00e8ges \u00e0 ceux de l\u0027administrateur\n    (SuperUsers).\n-   Certaines pages de WCS seraient accessibles sans demande de mot de\n    passe, par tout utilisateur, m\u00eame non authentifi\u00e9. Cette\n    vuln\u00e9rabilit\u00e9 permettrait ainsi de r\u00e9cup\u00e9rer des informations sur la\n    topologie du r\u00e9seau, la position des points d\u0027acc\u00e8s, etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2038"
    },
    {
      "name": "CVE-2007-2035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2035"
    },
    {
      "name": "CVE-2007-2037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2037"
    },
    {
      "name": "CVE-2007-2041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2041"
    },
    {
      "name": "CVE-2007-2036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2036"
    },
    {
      "name": "CVE-2007-2039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2039"
    },
    {
      "name": "CVE-2007-2032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2032"
    },
    {
      "name": "CVE-2007-2034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2034"
    },
    {
      "name": "CVE-2007-2033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2033"
    },
    {
      "name": "CVE-2007-2040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2040"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82128 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82129 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-172",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-13T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2007-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS). Les\ncons\u00e9quences de l\u0027exploitation de celles-ci sont vari\u00e9es, incluant un\nd\u00e9ni de service du point d\u0027acc\u00e8s, un acc\u00e8s ill\u00e9gitime \u00e0 la configuration\n(lecture et \u00e9criture), ou une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des produits sans-fil Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 de CISO du 12 avril 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-172

Vulnerability from certfr_avis - Published: - Updated:

Description

les paramètres de connexion SNMP sont les valeurs connues public et private. Cette vulnérabilité permet donc à une personne malveillante distante d'utiliser ces paramètres pour lire et modifier la configuration de WLC via SNMP.
le NPU (Network Processing Unit) de WLC ne manipulerait pas correctement certains paquets (802.11 ou SNAP par exemple), pouvant perturber le fonctionnement du système.
un compte d'administration serait imposé et non modifiable. Une personne malveillante pourrait donc utiliser ce compte, par un accès physique sur un port console, pour prendre le contrôle total du système.
les listes de contrôle d'accès ne sont pas maintenues après le redémarrage du système.

Cisco Wireless Control System (WCS) fournit à d'autres systèmes Cisco un ensemble d'outils de gestion et d'administration. Parmi les vulnérabilités le concernant :

un compte FTP serait non modifiable ni désactivable. Une personne malveillante pourrait ainsi accéder à des fichiers arbitraires hébergeant cette application.
Le système d'authentification permettrait sous certaines conditions à un utilisateur d'élever ses privilèges à ceux de l'administrateur (SuperUsers).
Certaines pages de WCS seraient accessibles sans demande de mot de passe, par tout utilisateur, même non authentifié. Cette vulnérabilité permettrait ainsi de récupérer des informations sur la topologie du réseau, la position des points d'accès, etc.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Catalyst 6500 Series Wireless Service Module (WiSM)
Cisco	N/A	Cisco 2100 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless Control System (WCS) pour les versions antérieures à 4.0.96.0 (incluse) ;
Cisco	N/A	Cisco Aironet 1000 Series
Cisco	N/A	Cisco Aironet 1500 Series
Cisco	N/A	Cisco 4400 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless LAN Controller (WLC) pour les versions antérieures à 4.0 et 3.2 (incluses) ;
Cisco	N/A	Cisco Wireless LAN Controller Module
Cisco	N/A	Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

References

Title

Publication Time

Tags

Avis de sécurité de CISO du 12 avril 2007	None	vendor-advisory
Bulletin de sécurité Cisco ID 82128 du 12 avril 2007 :	-	other
Bulletin de sécurité Cisco ID 82129 du 12 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Catalyst 6500 Series Wireless Service Module (WiSM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 2100 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless Control System (WCS) pour les versions ant\u00e9rieures \u00e0 4.0.96.0 (incluse) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1000 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1500 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 4400 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless LAN Controller (WLC) pour les versions ant\u00e9rieures \u00e0 4.0 et 3.2 (incluses) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wireless LAN Controller Module",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS).\n\nCisco Wireless LAN Controller (WLC) est une application qui permet\nd\u0027administrer les points d\u0027acc\u00e8s Cisco (Aironet), par le biais du\nprotocole LWAPP (pour Lightweight Access Point Protocol. Parmi les\nvuln\u00e9rabilit\u00e9s :\n\n-   les param\u00e8tres de connexion SNMP sont les valeurs connues public et\n    private. Cette vuln\u00e9rabilit\u00e9 permet donc \u00e0 une personne malveillante\n    distante d\u0027utiliser ces param\u00e8tres pour lire et modifier la\n    configuration de WLC via SNMP.\n-   le NPU (Network Processing Unit) de WLC ne manipulerait pas\n    correctement certains paquets (802.11 ou SNAP par exemple), pouvant\n    perturber le fonctionnement du syst\u00e8me.\n-   un compte d\u0027administration serait impos\u00e9 et non modifiable. Une\n    personne malveillante pourrait donc utiliser ce compte, par un acc\u00e8s\n    physique sur un port console, pour prendre le contr\u00f4le total du\n    syst\u00e8me.\n-   les listes de contr\u00f4le d\u0027acc\u00e8s ne sont pas maintenues apr\u00e8s le\n    red\u00e9marrage du syst\u00e8me.\n\nCisco Wireless Control System (WCS) fournit \u00e0 d\u0027autres syst\u00e8mes Cisco un\nensemble d\u0027outils de gestion et d\u0027administration. Parmi les\nvuln\u00e9rabilit\u00e9s le concernant :\n\n-   un compte FTP serait non modifiable ni d\u00e9sactivable. Une personne\n    malveillante pourrait ainsi acc\u00e9der \u00e0 des fichiers arbitraires\n    h\u00e9bergeant cette application.\n-   Le syst\u00e8me d\u0027authentification permettrait sous certaines conditions\n    \u00e0 un utilisateur d\u0027\u00e9lever ses privil\u00e8ges \u00e0 ceux de l\u0027administrateur\n    (SuperUsers).\n-   Certaines pages de WCS seraient accessibles sans demande de mot de\n    passe, par tout utilisateur, m\u00eame non authentifi\u00e9. Cette\n    vuln\u00e9rabilit\u00e9 permettrait ainsi de r\u00e9cup\u00e9rer des informations sur la\n    topologie du r\u00e9seau, la position des points d\u0027acc\u00e8s, etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2038"
    },
    {
      "name": "CVE-2007-2035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2035"
    },
    {
      "name": "CVE-2007-2037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2037"
    },
    {
      "name": "CVE-2007-2041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2041"
    },
    {
      "name": "CVE-2007-2036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2036"
    },
    {
      "name": "CVE-2007-2039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2039"
    },
    {
      "name": "CVE-2007-2032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2032"
    },
    {
      "name": "CVE-2007-2034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2034"
    },
    {
      "name": "CVE-2007-2033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2033"
    },
    {
      "name": "CVE-2007-2040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2040"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82128 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82129 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-172",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-13T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2007-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS). Les\ncons\u00e9quences de l\u0027exploitation de celles-ci sont vari\u00e9es, incluant un\nd\u00e9ni de service du point d\u0027acc\u00e8s, un acc\u00e8s ill\u00e9gitime \u00e0 la configuration\n(lecture et \u00e9criture), ou une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des produits sans-fil Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 de CISO du 12 avril 2007",
      "url": null
    }
  ]
}

FKIE_CVE-2007-2032

Vulnerability from fkie_nvd - Published: 2007-04-16 21:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/24865	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017907
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml	Patch
cve@mitre.org	http://www.osvdb.org/34132
cve@mitre.org	http://www.securityfocus.com/bid/23460
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1367
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33614
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24865	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017907
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/34132
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23460
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1367
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33614

Impacted products

	Vendor	Product	Version
	cisco	wireless_control_system	4.0
	cisco	wireless_control_system	4.0.95

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:wireless_control_system:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFF3680D-50CB-4854-84B8-34129DDB2A2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:wireless_control_system:4.0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A3F299-4388-4940-8046-2E58CF0A7B60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to \"properties of the FTP server,\" aka Bug ID CSCse93014."
    },
    {
      "lang": "es",
      "value": "Cisco Wireless Control System (WCS) anterior a 4.0.96.0 tiene el nombre de usuario y la contrase\u00f1a fija en el c\u00f3digo para operaciones de backup, lo cual permite a atacantes remotos leer y modificar archivos de su elecci\u00f3n mediante vectores no especificados relacionados con \"propiedades del servidor FTP\", tambi\u00e9n conocido como Bug ID CSCse93014."
    }
  ],
  "id": "CVE-2007-2032",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-16T21:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24865"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017907"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/34132"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23460"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1367"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/34132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33614"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-200704-0016

Vulnerability from variot - Updated: 2023-12-18 12:46

Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014. Cisco Wireless Control System is prone to multiple vulnerabilities, including an unauthorized-access issue, a privilege-escalation issue, and an information-disclosure issue. An attacker can exploit these issues to obtain sensitive information, gain unauthorized access, and elevate privileges, which will compromise affected devices and aid in further attacks. Versions prior to 4.0.96.0 are vulnerable. These issues are being tracked by Cisco Bug IDs: CSCse93014 CSCse78596 CSCsg05190 CSCsg04301. Cisco Wireless Control System (WCS) provides wireless LAN planning and design, system configuration, location tracking, security monitoring and wireless LAN management tools. In some cases, this can lead to changing system files and hacking the server.

Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/

TITLE: Cisco Wireless Control System Vulnerability and Security Issues

SECUNIA ADVISORY ID: SA24865

VERIFY ADVISORY: http://secunia.com/advisories/24865/

CRITICAL: Moderately critical

IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, Privilege escalation, System access

WHERE:

From remote

SOFTWARE: Cisco Wireless Control System (WCS) http://secunia.com/product/6332/

DESCRIPTION: A vulnerability and two security issues have been reported in Cisco Wireless Control System (WCS), which can be exploited by malicious users to gain escalated privileges, and by malicious people to disclose sensitive information, bypass certain security restrictions, or potentially compromise a vulnerable system.

1) WCS includes a fixed username and password for backup operations via FTP. This can be exploited to read from and write to arbitrary files on affected systems.

Successful exploitation potentially allows the server to be compromised, but requires knowledge of other properties of the FTP server.

The security issue has been reported in WCS prior to version 4.0.96.0.

2) An unspecified error exists in the authentication system, which can be exploited by an authenticated user to change his account group membership.

Successful exploitation can allow full administrative control of WCS, but requires a valid username and password.

The vulnerability is reported in WCS prior to version 4.0.87.0.

3) Certain directories in WCS are not password protected. This can be exploited to disclose certain system information, e.g. organization of the network including access point locations.

The security issue is reported in WCS prior to version 4.0.66.0.

SOLUTION: Update to version 4.0.96.0 or later.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200704-0016",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wireless control system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "wireless control system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0.95"
      },
      {
        "model": "wireless control system",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0.96.0"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.95"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "wireless control system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.96"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "23460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001819"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-259"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:wireless_control_system:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:wireless_control_system:4.0.95:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2032"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-259"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-2032",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2007-2032",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-25394",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-2032",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200704-259",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25394",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25394"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001819"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-259"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to \"properties of the FTP server,\" aka Bug ID CSCse93014. Cisco Wireless Control System is prone to multiple vulnerabilities, including an unauthorized-access issue, a privilege-escalation issue, and an information-disclosure issue. \nAn attacker can exploit these issues to obtain sensitive information,  gain unauthorized access, and elevate privileges, which will compromise affected devices and aid in further attacks. \nVersions prior to 4.0.96.0 are vulnerable. \nThese issues are being tracked by Cisco Bug IDs:\nCSCse93014\nCSCse78596\nCSCsg05190\nCSCsg04301. Cisco Wireless Control System (WCS) provides wireless LAN planning and design, system configuration, location tracking, security monitoring and wireless LAN management tools. In some cases, this can lead to changing system files and hacking the server. \n\n----------------------------------------------------------------------\n\nSecunia customers receive relevant and filtered advisories. \nDelivery is done via different channels including SMS, Email, Web,\nand https based XML feed. \nhttp://corporate.secunia.com/trial/38/request/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Wireless Control System Vulnerability and Security Issues\n\nSECUNIA ADVISORY ID:\nSA24865\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24865/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, Exposure of system information, Exposure of\nsensitive information, Privilege escalation, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nCisco Wireless Control System (WCS)\nhttp://secunia.com/product/6332/\n\nDESCRIPTION:\nA vulnerability and two security issues have been reported in Cisco\nWireless Control System (WCS), which can be exploited by malicious\nusers to gain escalated privileges, and by malicious people to\ndisclose sensitive information, bypass certain security restrictions,\nor potentially compromise a vulnerable system. \n\n1) WCS includes a fixed username and password for backup operations\nvia FTP. This can be exploited to read from and write to arbitrary\nfiles on affected systems. \n\nSuccessful exploitation potentially allows the server to be\ncompromised, but requires knowledge of other properties of the FTP\nserver. \n\nThe security issue has been reported in WCS prior to version\n4.0.96.0. \n\n2) An unspecified error exists in the authentication system, which\ncan be exploited by an authenticated user to change his account group\nmembership. \n\nSuccessful exploitation can allow full administrative control of WCS,\nbut requires a valid username and password. \n\nThe vulnerability is reported in WCS prior to version 4.0.87.0. \n\n3) Certain directories in WCS are not password protected. This can be\nexploited to disclose certain system information, e.g. organization of\nthe network including access point locations. \n\nThe security issue is reported in WCS prior to version 4.0.66.0. \n\nSOLUTION:\nUpdate to version 4.0.96.0 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2032"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001819"
      },
      {
        "db": "BID",
        "id": "23460"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25394"
      },
      {
        "db": "PACKETSTORM",
        "id": "55915"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-2032",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "23460",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "24865",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1367",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1017907",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "34132",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001819",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-259",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "33614",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20070412 MULTIPLE VULNERABILITIES IN THE CISCO WIRELESS CONTROL SYSTEM",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-25394",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "55915",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25394"
      },
      {
        "db": "BID",
        "id": "23460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001819"
      },
      {
        "db": "PACKETSTORM",
        "id": "55915"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-259"
      }
    ]
  },
  "id": "VAR-200704-0016",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25394"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:46:48.972000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20070412-wcs",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20070412-wcs"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001819"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2032"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/23460"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/34132"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017907"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/24865"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/1367"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33614"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2032"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2032"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/33614"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/1367"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/465507"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6332/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/trial/38/request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24865/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25394"
      },
      {
        "db": "BID",
        "id": "23460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001819"
      },
      {
        "db": "PACKETSTORM",
        "id": "55915"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-259"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-25394"
      },
      {
        "db": "BID",
        "id": "23460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001819"
      },
      {
        "db": "PACKETSTORM",
        "id": "55915"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-259"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-04-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25394"
      },
      {
        "date": "2007-04-12T00:00:00",
        "db": "BID",
        "id": "23460"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001819"
      },
      {
        "date": "2007-04-16T16:29:53",
        "db": "PACKETSTORM",
        "id": "55915"
      },
      {
        "date": "2007-04-16T21:19:00",
        "db": "NVD",
        "id": "CVE-2007-2032"
      },
      {
        "date": "2007-04-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200704-259"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25394"
      },
      {
        "date": "2016-07-06T14:39:00",
        "db": "BID",
        "id": "23460"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001819"
      },
      {
        "date": "2017-07-29T01:31:11.457000",
        "db": "NVD",
        "id": "CVE-2007-2032"
      },
      {
        "date": "2007-04-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200704-259"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-259"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco WCS Vulnerable to arbitrary file modification",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001819"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access verification error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-259"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2032 (GCVE-0-2007-2032)

GHSA-3737-4GJF-CP7R

GSD-2007-2032

CERTA-2007-AVI-172

Description

Solution

CERTA-2007-AVI-172

Description

Solution

FKIE_CVE-2007-2032

VAR-200704-0016

Tags

Sightings

Nomenclature