CVE-2009-0062

Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml	Vendor Advisory
http://www.securityfocus.com/bid/33608
http://www.securitytracker.com/id?1021678
http://secunia.com/advisories/33749

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.173.0:::::::*
	cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2:::::::*
	cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2.173.0:::::::*
	cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2.173.0:::::::*
	cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2:::::::*

Information

Published : 2009-02-04 16:30

Updated : 2018-10-30 09:25

NVD link : CVE-2009-0062

Mitre link : CVE-2009-0062

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

cisco

catalyst_3750_series_integrated_wireless_lan_controller
wireless_lan_controller_software
catalyst_6500_wireless_services_modules

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml", "name": "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/33608", "name": "33608", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1021678", "name": "1021678", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/33749", "name": "33749", "tags": [], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-0062", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-02-05T00:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.173.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2.173.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2.173.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:25Z"}