CVE-2010-2843

Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b466e9.shtml	Patch Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=21290	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.117.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.61.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.182.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:5.0.148.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:5.2.169.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.160.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:5.1:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.112.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.99.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.152.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:6.0.182.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.176.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.174.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.130.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:5.2:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:5.0.148.2:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:6.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:5.2.157.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.173.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.151.0:::::::*

Information

Published : 2010-09-10 11:00

Updated : 2010-09-12 21:00

NVD link : CVE-2010-2843

Mitre link : CVE-2010-2843

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

cisco

wireless_lan_controller_software

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b466e9.shtml", "name": "20100908 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", "tags": ["Patch", "Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21290", "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21290", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-2843", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-09-10T18:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.117.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.61.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.182.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.0.148.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.2.169.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.160.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.99.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0.182.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.176.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.174.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.130.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.0.148.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.2.157.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.173.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.1.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-09-13T04:00Z"}

9.0 /10