cvelistv5 - cve-2007-2041

CVE-2007-2041 (GCVE-0-2007-2041)

Vulnerability from cvelistv5

Published

2007-04-16 21:00

Modified

2024-08-07 13:23

Severity ?

CWE

Summary

Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/33611	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2007/1368	vdb-entry, x_refsource_VUPEN
	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml	vendor-advisory, x_refsource_CISCO
	http://securitytracker.com/id?1017908	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/23461	vdb-entry, x_refsource_BID
	http://www.osvdb.org/34138	vdb-entry, x_refsource_OSVDB

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:23:50.812Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-wlc-acl-weak-security(33611)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"
          },
          {
            "name": "ADV-2007-1368",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1368"
          },
          {
            "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
          },
          {
            "name": "1017908",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017908"
          },
          {
            "name": "23461",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23461"
          },
          {
            "name": "34138",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/34138"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cisco-wlc-acl-weak-security(33611)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"
        },
        {
          "name": "ADV-2007-1368",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1368"
        },
        {
          "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
        },
        {
          "name": "1017908",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017908"
        },
        {
          "name": "23461",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23461"
        },
        {
          "name": "34138",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/34138"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2041",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cisco-wlc-acl-weak-security(33611)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"
            },
            {
              "name": "ADV-2007-1368",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1368"
            },
            {
              "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
            },
            {
              "name": "1017908",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017908"
            },
            {
              "name": "23461",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23461"
            },
            {
              "name": "34138",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/34138"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2041",
    "datePublished": "2007-04-16T21:00:00.000Z",
    "dateReserved": "2007-04-16T00:00:00.000Z",
    "dateUpdated": "2024-08-07T13:23:50.812Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2007-AVI-172

Vulnerability from certfr_avis

De multiples vulnérabilités ont été identifiées dans deux applications utilisées avec des produits sans-fil Cisco : le Cisco Wireless LAN Controller (WLC) et le Cisco Wireless Control System (WCS). Les conséquences de l'exploitation de celles-ci sont variées, incluant un déni de service du point d'accès, un accès illégitime à la configuration (lecture et écriture), ou une élévation de privilèges.

Description

Cisco Wireless LAN Controller (WLC) est une application qui permet d'administrer les points d'accès Cisco (Aironet), par le biais du protocole LWAPP (pour Lightweight Access Point Protocol. Parmi les vulnérabilités :

les paramètres de connexion SNMP sont les valeurs connues public et private. Cette vulnérabilité permet donc à une personne malveillante distante d'utiliser ces paramètres pour lire et modifier la configuration de WLC via SNMP.
le NPU (Network Processing Unit) de WLC ne manipulerait pas correctement certains paquets (802.11 ou SNAP par exemple), pouvant perturber le fonctionnement du système.
un compte d'administration serait imposé et non modifiable. Une personne malveillante pourrait donc utiliser ce compte, par un accès physique sur un port console, pour prendre le contrôle total du système.
les listes de contrôle d'accès ne sont pas maintenues après le redémarrage du système.

Cisco Wireless Control System (WCS) fournit à d'autres systèmes Cisco un ensemble d'outils de gestion et d'administration. Parmi les vulnérabilités le concernant :

un compte FTP serait non modifiable ni désactivable. Une personne malveillante pourrait ainsi accéder à des fichiers arbitraires hébergeant cette application.
Le système d'authentification permettrait sous certaines conditions à un utilisateur d'élever ses privilèges à ceux de l'administrateur (SuperUsers).
Certaines pages de WCS seraient accessibles sans demande de mot de passe, par tout utilisateur, même non authentifié. Cette vulnérabilité permettrait ainsi de récupérer des informations sur la topologie du réseau, la position des points d'accès, etc.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Catalyst 6500 Series Wireless Service Module (WiSM)
Cisco	N/A	Cisco 2100 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless Control System (WCS) pour les versions antérieures à 4.0.96.0 (incluse) ;
Cisco	N/A	Cisco Aironet 1000 Series
Cisco	N/A	Cisco Aironet 1500 Series
Cisco	N/A	Cisco 4400 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless LAN Controller (WLC) pour les versions antérieures à 4.0 et 3.2 (incluses) ;
Cisco	N/A	Cisco Wireless LAN Controller Module
Cisco	N/A	Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

References

Title

Publication Time

Tags

Avis de sécurité de CISO du 12 avril 2007	None	vendor-advisory
Bulletin de sécurité Cisco ID 82128 du 12 avril 2007 :	-	other
Bulletin de sécurité Cisco ID 82129 du 12 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Catalyst 6500 Series Wireless Service Module (WiSM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 2100 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless Control System (WCS) pour les versions ant\u00e9rieures \u00e0 4.0.96.0 (incluse) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1000 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1500 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 4400 Series Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "l\u0027application Cisco Wireless LAN Controller (WLC) pour les versions ant\u00e9rieures \u00e0 4.0 et 3.2 (incluses) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wireless LAN Controller Module",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS).\n\nCisco Wireless LAN Controller (WLC) est une application qui permet\nd\u0027administrer les points d\u0027acc\u00e8s Cisco (Aironet), par le biais du\nprotocole LWAPP (pour Lightweight Access Point Protocol. Parmi les\nvuln\u00e9rabilit\u00e9s :\n\n-   les param\u00e8tres de connexion SNMP sont les valeurs connues public et\n    private. Cette vuln\u00e9rabilit\u00e9 permet donc \u00e0 une personne malveillante\n    distante d\u0027utiliser ces param\u00e8tres pour lire et modifier la\n    configuration de WLC via SNMP.\n-   le NPU (Network Processing Unit) de WLC ne manipulerait pas\n    correctement certains paquets (802.11 ou SNAP par exemple), pouvant\n    perturber le fonctionnement du syst\u00e8me.\n-   un compte d\u0027administration serait impos\u00e9 et non modifiable. Une\n    personne malveillante pourrait donc utiliser ce compte, par un acc\u00e8s\n    physique sur un port console, pour prendre le contr\u00f4le total du\n    syst\u00e8me.\n-   les listes de contr\u00f4le d\u0027acc\u00e8s ne sont pas maintenues apr\u00e8s le\n    red\u00e9marrage du syst\u00e8me.\n\nCisco Wireless Control System (WCS) fournit \u00e0 d\u0027autres syst\u00e8mes Cisco un\nensemble d\u0027outils de gestion et d\u0027administration. Parmi les\nvuln\u00e9rabilit\u00e9s le concernant :\n\n-   un compte FTP serait non modifiable ni d\u00e9sactivable. Une personne\n    malveillante pourrait ainsi acc\u00e9der \u00e0 des fichiers arbitraires\n    h\u00e9bergeant cette application.\n-   Le syst\u00e8me d\u0027authentification permettrait sous certaines conditions\n    \u00e0 un utilisateur d\u0027\u00e9lever ses privil\u00e8ges \u00e0 ceux de l\u0027administrateur\n    (SuperUsers).\n-   Certaines pages de WCS seraient accessibles sans demande de mot de\n    passe, par tout utilisateur, m\u00eame non authentifi\u00e9. Cette\n    vuln\u00e9rabilit\u00e9 permettrait ainsi de r\u00e9cup\u00e9rer des informations sur la\n    topologie du r\u00e9seau, la position des points d\u0027acc\u00e8s, etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2038"
    },
    {
      "name": "CVE-2007-2035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2035"
    },
    {
      "name": "CVE-2007-2037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2037"
    },
    {
      "name": "CVE-2007-2041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2041"
    },
    {
      "name": "CVE-2007-2036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2036"
    },
    {
      "name": "CVE-2007-2039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2039"
    },
    {
      "name": "CVE-2007-2032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2032"
    },
    {
      "name": "CVE-2007-2034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2034"
    },
    {
      "name": "CVE-2007-2033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2033"
    },
    {
      "name": "CVE-2007-2040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2040"
    }
  ],
  "initial_release_date": "2007-04-13T00:00:00",
  "last_revision_date": "2007-04-17T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82128 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 82129 du 12 avril 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-172",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-13T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2007-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans deux applications\nutilis\u00e9es avec des produits sans-fil Cisco : le Cisco Wireless LAN\nController (WLC) et le Cisco Wireless Control System (WCS). Les\ncons\u00e9quences de l\u0027exploitation de celles-ci sont vari\u00e9es, incluant un\nd\u00e9ni de service du point d\u0027acc\u00e8s, un acc\u00e8s ill\u00e9gitime \u00e0 la configuration\n(lecture et \u00e9criture), ou une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des produits sans-fil Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 de CISO du 12 avril 2007",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-2041 (GCVE-0-2007-2041)

Vulnerability from cvelistv5

CERTA-2007-AVI-172

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature