CVE-2007-2041

Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:N

Exploitability : 4.9 / Impact : 4.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://securitytracker.com/id?1017908
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml	Vendor Advisory
http://www.osvdb.org/34138
http://www.securityfocus.com/bid/23461
http://www.vupen.com/english/advisories/2007/1368
https://exchange.xforce.ibmcloud.com/vulnerabilities/33611

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:cisco:2100_wireless_lan_controller::::::::
	cpe:2.3:h:cisco:4400_wireless_lan_controller::::::::

History

No history.

Information

Published : 2007-04-16 21:19

Updated : 2017-07-29 01:31

NVD link : CVE-2007-2041

Mitre link : CVE-2007-2041

CVE.ORG link : CVE-2007-2041

JSON object : View

Products Affected

cisco

4400_wireless_lan_controller
2100_wireless_lan_controller

CWE

NVD-CWE-Other

{"id": "CVE-2007-2041", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-04-16T21:19:00.000", "references": [{"url": "http://securitytracker.com/id?1017908", "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/34138", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23461", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1368", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195."}, {"lang": "es", "value": "Cisco Wireless LAN Controller (WLC) anterior a 4.0.206.0 almacena la configuraci\u00f3n de listas de control de acceso (ACLs) de la WLAN con una suma de comprobaci\u00f3n inv\u00e1lida, lo cual evita que las ACLs de WLAN sean cargadas en el arranque, y podr\u00eda permitir a atacantes remotos evitar restricciones de acceso pretendidas, tambi\u00e9n conocido como Bug ID CSCse58195."}], "lastModified": "2017-07-29T01:31:12.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24B6D315-BBA5-4C37-BB74-BD1ADCA77F69"}, {"criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62DD77D6-9809-4B8B-A19F-1D10449C546F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}