CVE-2007-2041

Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:N

Exploitability : 4.9 / Impact : 4.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml	Vendor Advisory
http://www.securityfocus.com/bid/23461
http://securitytracker.com/id?1017908
http://www.osvdb.org/34138
http://www.vupen.com/english/advisories/2007/1368
https://exchange.xforce.ibmcloud.com/vulnerabilities/33611

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:cisco:2100_wireless_lan_controller::::::::
	cpe:2.3:h:cisco:4400_wireless_lan_controller::::::::

Information

Published : 2007-04-16 14:19

Updated : 2017-07-28 18:31

NVD link : CVE-2007-2041

Mitre link : CVE-2007-2041

JSON object : View

CWE

NVD-CWE-Other

Products Affected

cisco

4400_wireless_lan_controller
2100_wireless_lan_controller

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml", "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/23461", "name": "23461", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1017908", "name": "1017908", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.osvdb.org/34138", "name": "34138", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/1368", "name": "ADV-2007-1368", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611", "name": "cisco-wlc-acl-weak-security(33611)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-2041", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-04-16T21:19Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:31Z"}

4.0 /10