cvelistv5 - cve-2007-2041

CVE-2007-2041 (GCVE-0-2007-2041)

Vulnerability from cvelistv5 – Published: 2007-04-16 21:00 – Updated: 2024-08-07 13:23

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2007/1368	vdb-entryx_refsource_VUPEN
	http://www.cisco.com/warp/public/707/cisco-sa-200…	vendor-advisoryx_refsource_CISCO
	http://securitytracker.com/id?1017908	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/23461	vdb-entryx_refsource_BID
	http://www.osvdb.org/34138	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:23:50.812Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-wlc-acl-weak-security(33611)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"
          },
          {
            "name": "ADV-2007-1368",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1368"
          },
          {
            "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
          },
          {
            "name": "1017908",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017908"
          },
          {
            "name": "23461",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23461"
          },
          {
            "name": "34138",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/34138"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cisco-wlc-acl-weak-security(33611)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"
        },
        {
          "name": "ADV-2007-1368",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1368"
        },
        {
          "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
        },
        {
          "name": "1017908",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017908"
        },
        {
          "name": "23461",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23461"
        },
        {
          "name": "34138",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/34138"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2041",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cisco-wlc-acl-weak-security(33611)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"
            },
            {
              "name": "ADV-2007-1368",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1368"
            },
            {
              "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
            },
            {
              "name": "1017908",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017908"
            },
            {
              "name": "23461",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23461"
            },
            {
              "name": "34138",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/34138"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2041",
    "datePublished": "2007-04-16T21:00:00",
    "dateReserved": "2007-04-16T00:00:00",
    "dateUpdated": "2024-08-07T13:23:50.812Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24B6D315-BBA5-4C37-BB74-BD1ADCA77F69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62DD77D6-9809-4B8B-A19F-1D10449C546F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.\"}, {\"lang\": \"es\", \"value\": \"Cisco Wireless LAN Controller (WLC) anterior a 4.0.206.0 almacena la configuraci\\u00f3n de listas de control de acceso (ACLs) de la WLAN con una suma de comprobaci\\u00f3n inv\\u00e1lida, lo cual evita que las ACLs de WLAN sean cargadas en el arranque, y podr\\u00eda permitir a atacantes remotos evitar restricciones de acceso pretendidas, tambi\\u00e9n conocido como Bug ID CSCse58195.\"}]",
      "id": "CVE-2007-2041",
      "lastModified": "2024-11-21T00:29:45.767",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-04-16T21:19:00.000",
      "references": "[{\"url\": \"http://securitytracker.com/id?1017908\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/34138\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/23461\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1368\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33611\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1017908\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/34138\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/23461\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1368\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33611\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2041\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-04-16T21:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.\"},{\"lang\":\"es\",\"value\":\"Cisco Wireless LAN Controller (WLC) anterior a 4.0.206.0 almacena la configuraci\u00f3n de listas de control de acceso (ACLs) de la WLAN con una suma de comprobaci\u00f3n inv\u00e1lida, lo cual evita que las ACLs de WLAN sean cargadas en el arranque, y podr\u00eda permitir a atacantes remotos evitar restricciones de acceso pretendidas, tambi\u00e9n conocido como Bug ID CSCse58195.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B6D315-BBA5-4C37-BB74-BD1ADCA77F69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62DD77D6-9809-4B8B-A19F-1D10449C546F\"}]}]}],\"references\":[{\"url\":\"http://securitytracker.com/id?1017908\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/34138\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23461\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1368\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33611\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017908\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/34138\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33611\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200704-0025

Vulnerability from variot - Updated: 2023-12-18 12:23

Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN's ACLs from being installed. An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). WLAN ACL becomes invalid after restarting +-------------------------- WLC has a loophole in processing WLAN ACL, resulting in an invalid verification and save the WLAN ACL configuration. This vulnerability is documented in Cisco Bug ID as CSCse58195

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200704-0025",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "4400 wireless lan controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "2100 wireless lan controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "2100 series wireless lan controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0.206.0"
      },
      {
        "model": "4400 series wireless lan controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0.206.0"
      },
      {
        "model": "4400 wireless lan controller",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "2100 wireless lan controller",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "wireless lan controller module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "catalyst series wireless services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "65000"
      },
      {
        "model": "catalyst series integrated wireless lan cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "37500"
      },
      {
        "model": "aironet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1500"
      },
      {
        "model": "aironet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "41000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1400"
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1300"
      },
      {
        "model": "aironet 1240ag",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1200"
      },
      {
        "model": "aironet 1130ag",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1100"
      },
      {
        "model": "aironet 1230ag",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001828"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2041"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-284"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2041"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-284"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-2041",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2007-2041",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-25403",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-2041",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200704-284",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25403",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25403"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001828"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2041"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-284"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN\u0027s ACLs from being installed. \nAn attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). WLAN ACL becomes invalid after restarting +-------------------------- WLC has a loophole in processing WLAN ACL, resulting in an invalid verification and save the WLAN ACL configuration. This vulnerability is documented in Cisco Bug ID as CSCse58195",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001828"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25403"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-2041",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "23461",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1017908",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1368",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "34138",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001828",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-284",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20070412 MULTIPLE VULNERABILITIES IN THE CISCO WIRELESS LAN CONTROLLER AND CISCO LIGHTWEIGHT ACCESS POINTS",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "33611",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-25403",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25403"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001828"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2041"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-284"
      }
    ]
  },
  "id": "VAR-200704-0025",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25403"
      }
    ],
    "trust": 0.66881315
  },
  "last_update_date": "2023-12-18T12:23:39.160000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20070412-wlc",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20070412-wlc"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001828"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2041"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/23461"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/34138"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017908"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/1368"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2041"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2041"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/1368"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/33611"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/465506"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a008081e189.shtml"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25403"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001828"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2041"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-284"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-25403"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001828"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2041"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-284"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-04-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25403"
      },
      {
        "date": "2007-04-12T00:00:00",
        "db": "BID",
        "id": "23461"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001828"
      },
      {
        "date": "2007-04-16T21:19:00",
        "db": "NVD",
        "id": "CVE-2007-2041"
      },
      {
        "date": "2007-04-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200704-284"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25403"
      },
      {
        "date": "2016-07-06T14:39:00",
        "db": "BID",
        "id": "23461"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001828"
      },
      {
        "date": "2017-07-29T01:31:12.017000",
        "db": "NVD",
        "id": "CVE-2007-2041"
      },
      {
        "date": "2007-04-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200704-284"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-284"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco WLC Vulnerable to access restrictions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001828"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-284"
      }
    ],
    "trust": 0.6
  }
}

GHSA-MJX8-GV58-FR8M

Vulnerability from github – Published: 2022-05-01 17:59 – Updated: 2022-05-01 17:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2041"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-04-16T21:19:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.",
  "id": "GHSA-mjx8-gv58-fr8m",
  "modified": "2022-05-01T17:59:23Z",
  "published": "2022-05-01T17:59:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2041"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017908"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/34138"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23461"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1368"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-2041

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2041

Aliases

CVE-2007-2041

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2041",
    "description": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.",
    "id": "GSD-2007-2041"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2041"
      ],
      "details": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.",
      "id": "GSD-2007-2041",
      "modified": "2023-12-13T01:21:37.859663Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2041",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "cisco-wlc-acl-weak-security(33611)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"
          },
          {
            "name": "ADV-2007-1368",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1368"
          },
          {
            "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
          },
          {
            "name": "1017908",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017908"
          },
          {
            "name": "23461",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23461"
          },
          {
            "name": "34138",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/34138"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2041"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
            },
            {
              "name": "23461",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/23461"
            },
            {
              "name": "1017908",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017908"
            },
            {
              "name": "34138",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/34138"
            },
            {
              "name": "ADV-2007-1368",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1368"
            },
            {
              "name": "cisco-wlc-acl-weak-security(33611)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:31Z",
      "publishedDate": "2007-04-16T21:19Z"
    }
  }
}

CERTA-2007-AVI-172

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été identifiées dans deux applications utilisées avec des produits sans-fil Cisco : le Cisco Wireless LAN Controller (WLC) et le Cisco Wireless Control System (WCS). Les conséquences de l'exploitation de celles-ci sont variées, incluant un déni de service du point d'accès, un accès illégitime à la configuration (lecture et écriture), ou une élévation de privilèges.

Description

Cisco Wireless LAN Controller (WLC) est une application qui permet d'administrer les points d'accès Cisco (Aironet), par le biais du protocole LWAPP (pour Lightweight Access Point Protocol. Parmi les vulnérabilités :

les paramètres de connexion SNMP sont les valeurs connues public et private. Cette vulnérabilité permet donc à une personne malveillante distante d'utiliser ces paramètres pour lire et modifier la configuration de WLC via SNMP.
le NPU (Network Processing Unit) de WLC ne manipulerait pas correctement certains paquets (802.11 ou SNAP par exemple), pouvant perturber le fonctionnement du système.
un compte d'administration serait imposé et non modifiable. Une personne malveillante pourrait donc utiliser ce compte, par un accès physique sur un port console, pour prendre le contrôle total du système.
les listes de contrôle d'accès ne sont pas maintenues après le redémarrage du système.

Cisco Wireless Control System (WCS) fournit à d'autres systèmes Cisco un ensemble d'outils de gestion et d'administration. Parmi les vulnérabilités le concernant :

un compte FTP serait non modifiable ni désactivable. Une personne malveillante pourrait ainsi accéder à des fichiers arbitraires hébergeant cette application.
Le système d'authentification permettrait sous certaines conditions à un utilisateur d'élever ses privilèges à ceux de l'administrateur (SuperUsers).
Certaines pages de WCS seraient accessibles sans demande de mot de passe, par tout utilisateur, même non authentifié. Cette vulnérabilité permettrait ainsi de récupérer des informations sur la topologie du réseau, la position des points d'accès, etc.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Catalyst 6500 Series Wireless Service Module (WiSM)
Cisco	N/A	Cisco 2100 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless Control System (WCS) pour les versions antérieures à 4.0.96.0 (incluse) ;
Cisco	N/A	Cisco Aironet 1000 Series
Cisco	N/A	Cisco Aironet 1500 Series
Cisco	N/A	Cisco 4400 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless LAN Controller (WLC) pour les versions antérieures à 4.0 et 3.2 (incluses) ;
Cisco	N/A	Cisco Wireless LAN Controller Module
Cisco	N/A	Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

References

Title

Publication Time

Tags

Avis de sécurité de CISO du 12 avril 2007	None	vendor-advisory
Bulletin de sécurité Cisco ID 82128 du 12 avril 2007 :	-	other
Bulletin de sécurité Cisco ID 82129 du 12 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Catalyst 6500 Series Wireless Service Module (WiSM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 2100 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless Control System (WCS) pour les versions ant\u00e9rieures \u00e0 4.0.96.0 (incluse) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1000 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1500 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 4400 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless LAN Controller (WLC) pour les versions ant\u00e9rieures \u00e0 4.0 et 3.2 (incluses) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wireless LAN Controller Module",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS).\n\nCisco Wireless LAN Controller (WLC) est une application qui permet\nd\u0027administrer les points d\u0027acc\u00e8s Cisco (Aironet), par le biais du\nprotocole LWAPP (pour Lightweight Access Point Protocol. Parmi les\nvuln\u00e9rabilit\u00e9s :\n\n-   les param\u00e8tres de connexion SNMP sont les valeurs connues public et\n    private. Cette vuln\u00e9rabilit\u00e9 permet donc \u00e0 une personne malveillante\n    distante d\u0027utiliser ces param\u00e8tres pour lire et modifier la\n    configuration de WLC via SNMP.\n-   le NPU (Network Processing Unit) de WLC ne manipulerait pas\n    correctement certains paquets (802.11 ou SNAP par exemple), pouvant\n    perturber le fonctionnement du syst\u00e8me.\n-   un compte d\u0027administration serait impos\u00e9 et non modifiable. Une\n    personne malveillante pourrait donc utiliser ce compte, par un acc\u00e8s\n    physique sur un port console, pour prendre le contr\u00f4le total du\n    syst\u00e8me.\n-   les listes de contr\u00f4le d\u0027acc\u00e8s ne sont pas maintenues apr\u00e8s le\n    red\u00e9marrage du syst\u00e8me.\n\nCisco Wireless Control System (WCS) fournit \u00e0 d\u0027autres syst\u00e8mes Cisco un\nensemble d\u0027outils de gestion et d\u0027administration. Parmi les\nvuln\u00e9rabilit\u00e9s le concernant :\n\n-   un compte FTP serait non modifiable ni d\u00e9sactivable. Une personne\n    malveillante pourrait ainsi acc\u00e9der \u00e0 des fichiers arbitraires\n    h\u00e9bergeant cette application.\n-   Le syst\u00e8me d\u0027authentification permettrait sous certaines conditions\n    \u00e0 un utilisateur d\u0027\u00e9lever ses privil\u00e8ges \u00e0 ceux de l\u0027administrateur\n    (SuperUsers).\n-   Certaines pages de WCS seraient accessibles sans demande de mot de\n    passe, par tout utilisateur, m\u00eame non authentifi\u00e9. Cette\n    vuln\u00e9rabilit\u00e9 permettrait ainsi de r\u00e9cup\u00e9rer des informations sur la\n    topologie du r\u00e9seau, la position des points d\u0027acc\u00e8s, etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2038"
    },
    {
      "name": "CVE-2007-2035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2035"
    },
    {
      "name": "CVE-2007-2037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2037"
    },
    {
      "name": "CVE-2007-2041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2041"
    },
    {
      "name": "CVE-2007-2036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2036"
    },
    {
      "name": "CVE-2007-2039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2039"
    },
    {
      "name": "CVE-2007-2032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2032"
    },
    {
      "name": "CVE-2007-2034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2034"
    },
    {
      "name": "CVE-2007-2033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2033"
    },
    {
      "name": "CVE-2007-2040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2040"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82128 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82129 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-172",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-13T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2007-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS). Les\ncons\u00e9quences de l\u0027exploitation de celles-ci sont vari\u00e9es, incluant un\nd\u00e9ni de service du point d\u0027acc\u00e8s, un acc\u00e8s ill\u00e9gitime \u00e0 la configuration\n(lecture et \u00e9criture), ou une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des produits sans-fil Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 de CISO du 12 avril 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-172

Vulnerability from certfr_avis - Published: - Updated:

Description

les paramètres de connexion SNMP sont les valeurs connues public et private. Cette vulnérabilité permet donc à une personne malveillante distante d'utiliser ces paramètres pour lire et modifier la configuration de WLC via SNMP.
le NPU (Network Processing Unit) de WLC ne manipulerait pas correctement certains paquets (802.11 ou SNAP par exemple), pouvant perturber le fonctionnement du système.
un compte d'administration serait imposé et non modifiable. Une personne malveillante pourrait donc utiliser ce compte, par un accès physique sur un port console, pour prendre le contrôle total du système.
les listes de contrôle d'accès ne sont pas maintenues après le redémarrage du système.

Cisco Wireless Control System (WCS) fournit à d'autres systèmes Cisco un ensemble d'outils de gestion et d'administration. Parmi les vulnérabilités le concernant :

un compte FTP serait non modifiable ni désactivable. Une personne malveillante pourrait ainsi accéder à des fichiers arbitraires hébergeant cette application.
Le système d'authentification permettrait sous certaines conditions à un utilisateur d'élever ses privilèges à ceux de l'administrateur (SuperUsers).
Certaines pages de WCS seraient accessibles sans demande de mot de passe, par tout utilisateur, même non authentifié. Cette vulnérabilité permettrait ainsi de récupérer des informations sur la topologie du réseau, la position des points d'accès, etc.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Catalyst 6500 Series Wireless Service Module (WiSM)
Cisco	N/A	Cisco 2100 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless Control System (WCS) pour les versions antérieures à 4.0.96.0 (incluse) ;
Cisco	N/A	Cisco Aironet 1000 Series
Cisco	N/A	Cisco Aironet 1500 Series
Cisco	N/A	Cisco 4400 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless LAN Controller (WLC) pour les versions antérieures à 4.0 et 3.2 (incluses) ;
Cisco	N/A	Cisco Wireless LAN Controller Module
Cisco	N/A	Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

References

Title

Publication Time

Tags

Avis de sécurité de CISO du 12 avril 2007	None	vendor-advisory
Bulletin de sécurité Cisco ID 82128 du 12 avril 2007 :	-	other
Bulletin de sécurité Cisco ID 82129 du 12 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Catalyst 6500 Series Wireless Service Module (WiSM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 2100 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless Control System (WCS) pour les versions ant\u00e9rieures \u00e0 4.0.96.0 (incluse) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1000 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1500 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 4400 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless LAN Controller (WLC) pour les versions ant\u00e9rieures \u00e0 4.0 et 3.2 (incluses) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wireless LAN Controller Module",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS).\n\nCisco Wireless LAN Controller (WLC) est une application qui permet\nd\u0027administrer les points d\u0027acc\u00e8s Cisco (Aironet), par le biais du\nprotocole LWAPP (pour Lightweight Access Point Protocol. Parmi les\nvuln\u00e9rabilit\u00e9s :\n\n-   les param\u00e8tres de connexion SNMP sont les valeurs connues public et\n    private. Cette vuln\u00e9rabilit\u00e9 permet donc \u00e0 une personne malveillante\n    distante d\u0027utiliser ces param\u00e8tres pour lire et modifier la\n    configuration de WLC via SNMP.\n-   le NPU (Network Processing Unit) de WLC ne manipulerait pas\n    correctement certains paquets (802.11 ou SNAP par exemple), pouvant\n    perturber le fonctionnement du syst\u00e8me.\n-   un compte d\u0027administration serait impos\u00e9 et non modifiable. Une\n    personne malveillante pourrait donc utiliser ce compte, par un acc\u00e8s\n    physique sur un port console, pour prendre le contr\u00f4le total du\n    syst\u00e8me.\n-   les listes de contr\u00f4le d\u0027acc\u00e8s ne sont pas maintenues apr\u00e8s le\n    red\u00e9marrage du syst\u00e8me.\n\nCisco Wireless Control System (WCS) fournit \u00e0 d\u0027autres syst\u00e8mes Cisco un\nensemble d\u0027outils de gestion et d\u0027administration. Parmi les\nvuln\u00e9rabilit\u00e9s le concernant :\n\n-   un compte FTP serait non modifiable ni d\u00e9sactivable. Une personne\n    malveillante pourrait ainsi acc\u00e9der \u00e0 des fichiers arbitraires\n    h\u00e9bergeant cette application.\n-   Le syst\u00e8me d\u0027authentification permettrait sous certaines conditions\n    \u00e0 un utilisateur d\u0027\u00e9lever ses privil\u00e8ges \u00e0 ceux de l\u0027administrateur\n    (SuperUsers).\n-   Certaines pages de WCS seraient accessibles sans demande de mot de\n    passe, par tout utilisateur, m\u00eame non authentifi\u00e9. Cette\n    vuln\u00e9rabilit\u00e9 permettrait ainsi de r\u00e9cup\u00e9rer des informations sur la\n    topologie du r\u00e9seau, la position des points d\u0027acc\u00e8s, etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2038"
    },
    {
      "name": "CVE-2007-2035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2035"
    },
    {
      "name": "CVE-2007-2037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2037"
    },
    {
      "name": "CVE-2007-2041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2041"
    },
    {
      "name": "CVE-2007-2036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2036"
    },
    {
      "name": "CVE-2007-2039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2039"
    },
    {
      "name": "CVE-2007-2032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2032"
    },
    {
      "name": "CVE-2007-2034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2034"
    },
    {
      "name": "CVE-2007-2033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2033"
    },
    {
      "name": "CVE-2007-2040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2040"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82128 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82129 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-172",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-13T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2007-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS). Les\ncons\u00e9quences de l\u0027exploitation de celles-ci sont vari\u00e9es, incluant un\nd\u00e9ni de service du point d\u0027acc\u00e8s, un acc\u00e8s ill\u00e9gitime \u00e0 la configuration\n(lecture et \u00e9criture), ou une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des produits sans-fil Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 de CISO du 12 avril 2007",
      "url": null
    }
  ]
}

FKIE_CVE-2007-2041

Vulnerability from fkie_nvd - Published: 2007-04-16 21:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://securitytracker.com/id?1017908
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/34138
cve@mitre.org	http://www.securityfocus.com/bid/23461
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1368
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33611
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017908
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/34138
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23461
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1368
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33611

Impacted products

	Vendor	Product	Version
	cisco	2100_wireless_lan_controller	*
	cisco	4400_wireless_lan_controller	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B6D315-BBA5-4C37-BB74-BD1ADCA77F69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62DD77D6-9809-4B8B-A19F-1D10449C546F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195."
    },
    {
      "lang": "es",
      "value": "Cisco Wireless LAN Controller (WLC) anterior a 4.0.206.0 almacena la configuraci\u00f3n de listas de control de acceso (ACLs) de la WLAN con una suma de comprobaci\u00f3n inv\u00e1lida, lo cual evita que las ACLs de WLAN sean cargadas en el arranque, y podr\u00eda permitir a atacantes remotos evitar restricciones de acceso pretendidas, tambi\u00e9n conocido como Bug ID CSCse58195."
    }
  ],
  "id": "CVE-2007-2041",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-16T21:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017908"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/34138"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23461"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1368"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/34138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2041 (GCVE-0-2007-2041)

VAR-200704-0025

GHSA-MJX8-GV58-FR8M

GSD-2007-2041

CERTA-2007-AVI-172

Description

Solution

CERTA-2007-AVI-172

Description

Solution

FKIE_CVE-2007-2041

Tags

Sightings

Nomenclature