Executive Summary
| Summary | |
|---|---|
| Title | Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20070412-wlc | First vendor Publication | 2007-02-19 |
| Vendor | Cisco | Last vendor Modification | 2008-04-24 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The Cisco Wireless LAN Controller (WLC) manages Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). The WLC contains multiple vulnerabilities that could result in a denial of service (DoS) condition, information disclosure, or access control list changes, or allow an attacker to gain full administrative access. |
Original Source
| Url : http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 34139 | Cisco Wireless LAN Controller (WLC) Network Processing Unit (NPU) Malformed H... Wireless LAN Controller contains a flaw that may allow a remote denial of service. The issue is triggered by malformed packet lengths, and will result in loss of availability for the platform. |
| 34138 | Cisco Wireless LAN Controller (WLC) WLAN ACL Configuration Loading Weakness Wireless LAN Controller contains a flaw that may cause ACL entries to be discarded. The issue is triggered when the controller is rebooted, and ACLs are silently discarded. It is possible that the flaw may allow a weaker-than-expected security configuration resulting in a loss of integrity. |
| 34137 | Cisco Wireless LAN Controller (WLC) Network Processing Unit (NPU) Malformed 8... Wireless LAN Controller contains a flaw that may allow a remote denial of service. The issue is triggered by malformed 802.11 packets, and will result in loss of availability for the platform. |
| 34136 | Cisco Wireless LAN Controller (WLC) Network Processing Unit (NPU) Crafted SNA... Wireless LAN Controller contains a flaw that may allow a remote denial of service. The issue is triggered by malformed SNAP packets, and will result in loss of availability for the platform. |
| 34135 | Cisco Wireless LAN Controller (WLC) Malformed Ethernet Traffic DoS Wireless LAN Controller contains a flaw that may allow a remote denial of service. The issue is triggered by malformed Ethernet traffic on the local network, and will result in loss of availability for the platform. |
| 34134 | Cisco Wireless LAN Controller (WLC) Default Community/Private SNMP Strings By default, Wireless LAN Controller installs with default SNMP community strings. The read-only string is 'public,' and the read-write string is 'private' which is publicly known and documented. This allows attackers to trivially access the program or system. |
| 34133 | Cisco Aironet Lightweight Access Points Persistent Admin Password By default, Aironet 1000 & 1500 Series Lightweight Access Points install with a default password. This allows attackers with console access to trivially access the system. |
