cvelistv5 - cve-2007-2040

CVE-2007-2040 (GCVE-0-2007-2040)

Vulnerability from cvelistv5 – Published: 2007-04-16 21:00 – Updated: 2024-08-07 13:23

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2007/1368	vdb-entryx_refsource_VUPEN
	http://www.osvdb.org/34133	vdb-entryx_refsource_OSVDB
	http://www.cisco.com/warp/public/707/cisco-sa-200…	vendor-advisoryx_refsource_CISCO
	http://securitytracker.com/id?1017908	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/23461	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:23:49.132Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-aironet-default-password(33610)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33610"
          },
          {
            "name": "ADV-2007-1368",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1368"
          },
          {
            "name": "34133",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/34133"
          },
          {
            "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
          },
          {
            "name": "1017908",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017908"
          },
          {
            "name": "23461",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23461"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cisco-aironet-default-password(33610)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33610"
        },
        {
          "name": "ADV-2007-1368",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1368"
        },
        {
          "name": "34133",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/34133"
        },
        {
          "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
        },
        {
          "name": "1017908",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017908"
        },
        {
          "name": "23461",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23461"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2040",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cisco-aironet-default-password(33610)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33610"
            },
            {
              "name": "ADV-2007-1368",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1368"
            },
            {
              "name": "34133",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/34133"
            },
            {
              "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
            },
            {
              "name": "1017908",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017908"
            },
            {
              "name": "23461",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23461"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2040",
    "datePublished": "2007-04-16T21:00:00",
    "dateReserved": "2007-04-16T00:00:00",
    "dateUpdated": "2024-08-07T13:23:49.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.2\", \"versionEndExcluding\": \"3.2.185.0\", \"matchCriteriaId\": \"492E5E7D-A274-4B4D-B0E1-8A0FA4F209D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0\", \"versionEndExcluding\": \"4.0.206.0\", \"matchCriteriaId\": \"4FE93BEF-E6EC-45B4-8975-6C0C47964602\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:aironet_1000-series:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8191FD0B-F005-47D6-9386-7B1DACE3C037\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:aironet_1500-series:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D181210B-757B-41DB-AC1B-EE01CFF447F2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.\"}, {\"lang\": \"es\", \"value\": \"Cisco Aironet 1000 Series y 1500 Series Lightweight Access Points anteriores a 3.2.185.0, y 4.0.x anteriores a 4.0.206.0, tienen una contrase\\u00f1a fija en el c\\u00f3digo, lo cual permite a atacantes con acceso f\\u00edsico realizar acciones de su elecci\\u00f3n en el dispositivo, tambi\\u00e9n conocido como Bug ID CSCsg15192.\"}]",
      "id": "CVE-2007-2040",
      "lastModified": "2024-11-21T00:29:45.610",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 1.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-04-16T21:19:00.000",
      "references": "[{\"url\": \"http://securitytracker.com/id?1017908\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/34133\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/23461\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1368\", \"source\": \"cve@mitre.org\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33610\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://securitytracker.com/id?1017908\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/34133\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/23461\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1368\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33610\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2040\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-04-16T21:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.\"},{\"lang\":\"es\",\"value\":\"Cisco Aironet 1000 Series y 1500 Series Lightweight Access Points anteriores a 3.2.185.0, y 4.0.x anteriores a 4.0.206.0, tienen una contrase\u00f1a fija en el c\u00f3digo, lo cual permite a atacantes con acceso f\u00edsico realizar acciones de su elecci\u00f3n en el dispositivo, tambi\u00e9n conocido como Bug ID CSCsg15192.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":6.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":1.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.2\",\"versionEndExcluding\":\"3.2.185.0\",\"matchCriteriaId\":\"492E5E7D-A274-4B4D-B0E1-8A0FA4F209D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndExcluding\":\"4.0.206.0\",\"matchCriteriaId\":\"4FE93BEF-E6EC-45B4-8975-6C0C47964602\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_1000-series:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8191FD0B-F005-47D6-9386-7B1DACE3C037\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_1500-series:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D181210B-757B-41DB-AC1B-EE01CFF447F2\"}]}]}],\"references\":[{\"url\":\"http://securitytracker.com/id?1017908\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/34133\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/23461\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1368\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33610\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1017908\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/34133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/23461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33610\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

FKIE_CVE-2007-2040

Vulnerability from fkie_nvd - Published: 2007-04-16 21:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://securitytracker.com/id?1017908	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/34133	Broken Link
cve@mitre.org	http://www.securityfocus.com/bid/23461	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1368	Permissions Required
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33610	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017908	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/34133	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23461	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1368	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33610	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
cisco	wireless_lan_controller_software	*
cisco	wireless_lan_controller_software	*
cisco	aironet_1000-series	-
cisco	aironet_1500-series	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "492E5E7D-A274-4B4D-B0E1-8A0FA4F209D1",
              "versionEndExcluding": "3.2.185.0",
              "versionStartIncluding": "3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE93BEF-E6EC-45B4-8975-6C0C47964602",
              "versionEndExcluding": "4.0.206.0",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1000-series:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8191FD0B-F005-47D6-9386-7B1DACE3C037",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:aironet_1500-series:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D181210B-757B-41DB-AC1B-EE01CFF447F2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192."
    },
    {
      "lang": "es",
      "value": "Cisco Aironet 1000 Series y 1500 Series Lightweight Access Points anteriores a 3.2.185.0, y 4.0.x anteriores a 4.0.206.0, tienen una contrase\u00f1a fija en el c\u00f3digo, lo cual permite a atacantes con acceso f\u00edsico realizar acciones de su elecci\u00f3n en el dispositivo, tambi\u00e9n conocido como Bug ID CSCsg15192."
    }
  ],
  "id": "CVE-2007-2040",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-16T21:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017908"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/34133"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/23461"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1368"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33610"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/34133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/23461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33610"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-2040

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2040

Aliases

CVE-2007-2040

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2040",
    "description": "Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.",
    "id": "GSD-2007-2040"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2040"
      ],
      "details": "Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.",
      "id": "GSD-2007-2040",
      "modified": "2023-12-13T01:21:37.951770Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2040",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "cisco-aironet-default-password(33610)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33610"
          },
          {
            "name": "ADV-2007-1368",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1368"
          },
          {
            "name": "34133",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/34133"
          },
          {
            "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
          },
          {
            "name": "1017908",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017908"
          },
          {
            "name": "23461",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23461"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.0.206.0",
                    "versionStartIncluding": "4.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.185.0",
                    "versionStartIncluding": "3.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:aironet_1500-series:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:aironet_1000-series:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2040"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
            },
            {
              "name": "23461",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/23461"
            },
            {
              "name": "1017908",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1017908"
            },
            {
              "name": "34133",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.osvdb.org/34133"
            },
            {
              "name": "ADV-2007-1368",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1368"
            },
            {
              "name": "cisco-aironet-default-password(33610)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33610"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 1.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-08-14T11:28Z",
      "publishedDate": "2007-04-16T21:19Z"
    }
  }
}

GHSA-4G65-3HRC-PMPQ

Vulnerability from github – Published: 2022-05-01 17:59 – Updated: 2022-05-01 17:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2040"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-04-16T21:19:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.",
  "id": "GHSA-4g65-3hrc-pmpq",
  "modified": "2022-05-01T17:59:23Z",
  "published": "2022-05-01T17:59:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2040"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33610"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017908"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/34133"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23461"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1368"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200704-0024

Vulnerability from variot - Updated: 2023-12-18 12:23

Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN's ACLs from being installed. An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). This service account is only accessible through a physical connection to the console port, but the password is the same for all devices in these families. This vulnerability is documented in Cisco Bug ID as CSCsg15192

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200704-0024",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wireless lan controller software",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "wireless lan controller software",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.185.0"
      },
      {
        "model": "wireless lan controller software",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0.206.0"
      },
      {
        "model": "wireless lan controller software",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "aironet 350 series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1000 series    1500 series lightweight access points"
      },
      {
        "model": "wireless lan controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.2.185.0"
      },
      {
        "model": "aironet",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1000-series"
      },
      {
        "model": "aironet",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1500-series"
      },
      {
        "model": "wireless lan controller module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "catalyst series wireless services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "65000"
      },
      {
        "model": "catalyst series integrated wireless lan cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "37500"
      },
      {
        "model": "aironet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1500"
      },
      {
        "model": "aironet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "41000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1400"
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1300"
      },
      {
        "model": "aironet 1240ag",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1200"
      },
      {
        "model": "aironet 1130ag",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1100"
      },
      {
        "model": "aironet 1230ag",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001827"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2040"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-265"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.0.206.0",
                    "versionStartIncluding": "4.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.185.0",
                    "versionStartIncluding": "3.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:aironet_1500-series:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:aironet_1000-series:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2040"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-265"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-2040",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 1.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-2040",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 1.9,
            "id": "VHN-25402",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-2040",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200704-265",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25402",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25402"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001827"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2040"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-265"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN\u0027s ACLs from being installed. \nAn attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). This service account is only accessible through a physical connection to the console port, but the password is the same for all devices in these families. This vulnerability is documented in Cisco Bug ID as CSCsg15192",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2040"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001827"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25402"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-2040",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "23461",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1017908",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "34133",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1368",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001827",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-265",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-25402",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25402"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001827"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2040"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-265"
      }
    ]
  },
  "id": "VAR-200704-0024",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25402"
      }
    ],
    "trust": 0.66881315
  },
  "last_update_date": "2023-12-18T12:23:38.665000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20070412-wlc",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20070412-wlc"
      },
      {
        "title": "Cisco wireless Lan Controller light AP Fixes for hard-coded service password security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96762"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001827"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-265"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2040"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/23461"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/34133"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017908"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2007/1368"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33610"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2040"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2040"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/465506"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a008081e189.shtml"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25402"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001827"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2040"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-265"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-25402"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001827"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2040"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-265"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-04-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25402"
      },
      {
        "date": "2007-04-12T00:00:00",
        "db": "BID",
        "id": "23461"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001827"
      },
      {
        "date": "2007-04-16T21:19:00",
        "db": "NVD",
        "id": "CVE-2007-2040"
      },
      {
        "date": "2007-04-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200704-265"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25402"
      },
      {
        "date": "2016-07-06T14:39:00",
        "db": "BID",
        "id": "23461"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001827"
      },
      {
        "date": "2019-08-14T11:28:41.370000",
        "db": "NVD",
        "id": "CVE-2007-2040"
      },
      {
        "date": "2019-08-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200704-265"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-265"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Aironet Vulnerable to arbitrary operations on devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001827"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-265"
      }
    ],
    "trust": 0.6
  }
}

CERTA-2007-AVI-172

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été identifiées dans deux applications utilisées avec des produits sans-fil Cisco : le Cisco Wireless LAN Controller (WLC) et le Cisco Wireless Control System (WCS). Les conséquences de l'exploitation de celles-ci sont variées, incluant un déni de service du point d'accès, un accès illégitime à la configuration (lecture et écriture), ou une élévation de privilèges.

Description

Cisco Wireless LAN Controller (WLC) est une application qui permet d'administrer les points d'accès Cisco (Aironet), par le biais du protocole LWAPP (pour Lightweight Access Point Protocol. Parmi les vulnérabilités :

les paramètres de connexion SNMP sont les valeurs connues public et private. Cette vulnérabilité permet donc à une personne malveillante distante d'utiliser ces paramètres pour lire et modifier la configuration de WLC via SNMP.
le NPU (Network Processing Unit) de WLC ne manipulerait pas correctement certains paquets (802.11 ou SNAP par exemple), pouvant perturber le fonctionnement du système.
un compte d'administration serait imposé et non modifiable. Une personne malveillante pourrait donc utiliser ce compte, par un accès physique sur un port console, pour prendre le contrôle total du système.
les listes de contrôle d'accès ne sont pas maintenues après le redémarrage du système.

Cisco Wireless Control System (WCS) fournit à d'autres systèmes Cisco un ensemble d'outils de gestion et d'administration. Parmi les vulnérabilités le concernant :

un compte FTP serait non modifiable ni désactivable. Une personne malveillante pourrait ainsi accéder à des fichiers arbitraires hébergeant cette application.
Le système d'authentification permettrait sous certaines conditions à un utilisateur d'élever ses privilèges à ceux de l'administrateur (SuperUsers).
Certaines pages de WCS seraient accessibles sans demande de mot de passe, par tout utilisateur, même non authentifié. Cette vulnérabilité permettrait ainsi de récupérer des informations sur la topologie du réseau, la position des points d'accès, etc.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Catalyst 6500 Series Wireless Service Module (WiSM)
Cisco	N/A	Cisco 2100 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless Control System (WCS) pour les versions antérieures à 4.0.96.0 (incluse) ;
Cisco	N/A	Cisco Aironet 1000 Series
Cisco	N/A	Cisco Aironet 1500 Series
Cisco	N/A	Cisco 4400 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless LAN Controller (WLC) pour les versions antérieures à 4.0 et 3.2 (incluses) ;
Cisco	N/A	Cisco Wireless LAN Controller Module
Cisco	N/A	Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

References

Title

Publication Time

Tags

Avis de sécurité de CISO du 12 avril 2007	None	vendor-advisory
Bulletin de sécurité Cisco ID 82128 du 12 avril 2007 :	-	other
Bulletin de sécurité Cisco ID 82129 du 12 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Catalyst 6500 Series Wireless Service Module (WiSM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 2100 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless Control System (WCS) pour les versions ant\u00e9rieures \u00e0 4.0.96.0 (incluse) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1000 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1500 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 4400 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless LAN Controller (WLC) pour les versions ant\u00e9rieures \u00e0 4.0 et 3.2 (incluses) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wireless LAN Controller Module",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS).\n\nCisco Wireless LAN Controller (WLC) est une application qui permet\nd\u0027administrer les points d\u0027acc\u00e8s Cisco (Aironet), par le biais du\nprotocole LWAPP (pour Lightweight Access Point Protocol. Parmi les\nvuln\u00e9rabilit\u00e9s :\n\n-   les param\u00e8tres de connexion SNMP sont les valeurs connues public et\n    private. Cette vuln\u00e9rabilit\u00e9 permet donc \u00e0 une personne malveillante\n    distante d\u0027utiliser ces param\u00e8tres pour lire et modifier la\n    configuration de WLC via SNMP.\n-   le NPU (Network Processing Unit) de WLC ne manipulerait pas\n    correctement certains paquets (802.11 ou SNAP par exemple), pouvant\n    perturber le fonctionnement du syst\u00e8me.\n-   un compte d\u0027administration serait impos\u00e9 et non modifiable. Une\n    personne malveillante pourrait donc utiliser ce compte, par un acc\u00e8s\n    physique sur un port console, pour prendre le contr\u00f4le total du\n    syst\u00e8me.\n-   les listes de contr\u00f4le d\u0027acc\u00e8s ne sont pas maintenues apr\u00e8s le\n    red\u00e9marrage du syst\u00e8me.\n\nCisco Wireless Control System (WCS) fournit \u00e0 d\u0027autres syst\u00e8mes Cisco un\nensemble d\u0027outils de gestion et d\u0027administration. Parmi les\nvuln\u00e9rabilit\u00e9s le concernant :\n\n-   un compte FTP serait non modifiable ni d\u00e9sactivable. Une personne\n    malveillante pourrait ainsi acc\u00e9der \u00e0 des fichiers arbitraires\n    h\u00e9bergeant cette application.\n-   Le syst\u00e8me d\u0027authentification permettrait sous certaines conditions\n    \u00e0 un utilisateur d\u0027\u00e9lever ses privil\u00e8ges \u00e0 ceux de l\u0027administrateur\n    (SuperUsers).\n-   Certaines pages de WCS seraient accessibles sans demande de mot de\n    passe, par tout utilisateur, m\u00eame non authentifi\u00e9. Cette\n    vuln\u00e9rabilit\u00e9 permettrait ainsi de r\u00e9cup\u00e9rer des informations sur la\n    topologie du r\u00e9seau, la position des points d\u0027acc\u00e8s, etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2038"
    },
    {
      "name": "CVE-2007-2035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2035"
    },
    {
      "name": "CVE-2007-2037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2037"
    },
    {
      "name": "CVE-2007-2041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2041"
    },
    {
      "name": "CVE-2007-2036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2036"
    },
    {
      "name": "CVE-2007-2039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2039"
    },
    {
      "name": "CVE-2007-2032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2032"
    },
    {
      "name": "CVE-2007-2034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2034"
    },
    {
      "name": "CVE-2007-2033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2033"
    },
    {
      "name": "CVE-2007-2040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2040"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82128 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82129 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-172",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-13T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2007-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS). Les\ncons\u00e9quences de l\u0027exploitation de celles-ci sont vari\u00e9es, incluant un\nd\u00e9ni de service du point d\u0027acc\u00e8s, un acc\u00e8s ill\u00e9gitime \u00e0 la configuration\n(lecture et \u00e9criture), ou une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des produits sans-fil Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 de CISO du 12 avril 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-172

Vulnerability from certfr_avis - Published: - Updated:

Description

les paramètres de connexion SNMP sont les valeurs connues public et private. Cette vulnérabilité permet donc à une personne malveillante distante d'utiliser ces paramètres pour lire et modifier la configuration de WLC via SNMP.
le NPU (Network Processing Unit) de WLC ne manipulerait pas correctement certains paquets (802.11 ou SNAP par exemple), pouvant perturber le fonctionnement du système.
un compte d'administration serait imposé et non modifiable. Une personne malveillante pourrait donc utiliser ce compte, par un accès physique sur un port console, pour prendre le contrôle total du système.
les listes de contrôle d'accès ne sont pas maintenues après le redémarrage du système.

Cisco Wireless Control System (WCS) fournit à d'autres systèmes Cisco un ensemble d'outils de gestion et d'administration. Parmi les vulnérabilités le concernant :

un compte FTP serait non modifiable ni désactivable. Une personne malveillante pourrait ainsi accéder à des fichiers arbitraires hébergeant cette application.
Le système d'authentification permettrait sous certaines conditions à un utilisateur d'élever ses privilèges à ceux de l'administrateur (SuperUsers).
Certaines pages de WCS seraient accessibles sans demande de mot de passe, par tout utilisateur, même non authentifié. Cette vulnérabilité permettrait ainsi de récupérer des informations sur la topologie du réseau, la position des points d'accès, etc.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Catalyst 6500 Series Wireless Service Module (WiSM)
Cisco	N/A	Cisco 2100 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless Control System (WCS) pour les versions antérieures à 4.0.96.0 (incluse) ;
Cisco	N/A	Cisco Aironet 1000 Series
Cisco	N/A	Cisco Aironet 1500 Series
Cisco	N/A	Cisco 4400 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless LAN Controller (WLC) pour les versions antérieures à 4.0 et 3.2 (incluses) ;
Cisco	N/A	Cisco Wireless LAN Controller Module
Cisco	N/A	Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

References

Title

Publication Time

Tags

Avis de sécurité de CISO du 12 avril 2007	None	vendor-advisory
Bulletin de sécurité Cisco ID 82128 du 12 avril 2007 :	-	other
Bulletin de sécurité Cisco ID 82129 du 12 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Catalyst 6500 Series Wireless Service Module (WiSM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 2100 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless Control System (WCS) pour les versions ant\u00e9rieures \u00e0 4.0.96.0 (incluse) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1000 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1500 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 4400 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless LAN Controller (WLC) pour les versions ant\u00e9rieures \u00e0 4.0 et 3.2 (incluses) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wireless LAN Controller Module",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS).\n\nCisco Wireless LAN Controller (WLC) est une application qui permet\nd\u0027administrer les points d\u0027acc\u00e8s Cisco (Aironet), par le biais du\nprotocole LWAPP (pour Lightweight Access Point Protocol. Parmi les\nvuln\u00e9rabilit\u00e9s :\n\n-   les param\u00e8tres de connexion SNMP sont les valeurs connues public et\n    private. Cette vuln\u00e9rabilit\u00e9 permet donc \u00e0 une personne malveillante\n    distante d\u0027utiliser ces param\u00e8tres pour lire et modifier la\n    configuration de WLC via SNMP.\n-   le NPU (Network Processing Unit) de WLC ne manipulerait pas\n    correctement certains paquets (802.11 ou SNAP par exemple), pouvant\n    perturber le fonctionnement du syst\u00e8me.\n-   un compte d\u0027administration serait impos\u00e9 et non modifiable. Une\n    personne malveillante pourrait donc utiliser ce compte, par un acc\u00e8s\n    physique sur un port console, pour prendre le contr\u00f4le total du\n    syst\u00e8me.\n-   les listes de contr\u00f4le d\u0027acc\u00e8s ne sont pas maintenues apr\u00e8s le\n    red\u00e9marrage du syst\u00e8me.\n\nCisco Wireless Control System (WCS) fournit \u00e0 d\u0027autres syst\u00e8mes Cisco un\nensemble d\u0027outils de gestion et d\u0027administration. Parmi les\nvuln\u00e9rabilit\u00e9s le concernant :\n\n-   un compte FTP serait non modifiable ni d\u00e9sactivable. Une personne\n    malveillante pourrait ainsi acc\u00e9der \u00e0 des fichiers arbitraires\n    h\u00e9bergeant cette application.\n-   Le syst\u00e8me d\u0027authentification permettrait sous certaines conditions\n    \u00e0 un utilisateur d\u0027\u00e9lever ses privil\u00e8ges \u00e0 ceux de l\u0027administrateur\n    (SuperUsers).\n-   Certaines pages de WCS seraient accessibles sans demande de mot de\n    passe, par tout utilisateur, m\u00eame non authentifi\u00e9. Cette\n    vuln\u00e9rabilit\u00e9 permettrait ainsi de r\u00e9cup\u00e9rer des informations sur la\n    topologie du r\u00e9seau, la position des points d\u0027acc\u00e8s, etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2038"
    },
    {
      "name": "CVE-2007-2035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2035"
    },
    {
      "name": "CVE-2007-2037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2037"
    },
    {
      "name": "CVE-2007-2041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2041"
    },
    {
      "name": "CVE-2007-2036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2036"
    },
    {
      "name": "CVE-2007-2039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2039"
    },
    {
      "name": "CVE-2007-2032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2032"
    },
    {
      "name": "CVE-2007-2034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2034"
    },
    {
      "name": "CVE-2007-2033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2033"
    },
    {
      "name": "CVE-2007-2040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2040"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82128 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82129 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-172",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-13T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2007-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS). Les\ncons\u00e9quences de l\u0027exploitation de celles-ci sont vari\u00e9es, incluant un\nd\u00e9ni de service du point d\u0027acc\u00e8s, un acc\u00e8s ill\u00e9gitime \u00e0 la configuration\n(lecture et \u00e9criture), ou une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des produits sans-fil Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 de CISO du 12 avril 2007",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2040 (GCVE-0-2007-2040)

FKIE_CVE-2007-2040

GSD-2007-2040

GHSA-4G65-3HRC-PMPQ

VAR-200704-0024

CERTA-2007-AVI-172

Description

Solution

CERTA-2007-AVI-172

Description

Solution

Tags

Sightings

Nomenclature