ID

VAR-200704-0020


CVE

CVE-2007-2036


TITLE

SNMP variable modification vulnerability in the Cisco WLC SNMP implementation

Trust: 0.8

sources: JVNDB: JVNDB-2007-001823

DESCRIPTION

The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community "public" and the default read-write community "private", which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN's ACLs from being installed. An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). This vulnerability is documented as Cisco Bug ID CSCse02384.

Trust: 1.98

sources: NVD: CVE-2007-2036 // JVNDB: JVNDB-2007-001823 // BID: 23461 // VULHUB: VHN-25398

AFFECTED PRODUCTS

vendor: cisco, model: wireless lan controller software, scope: eq, version: 4.1

Trust: 1.6

vendor: cisco, model: wireless lan controller, scope: lt, version: 20070419

Trust: 0.8

vendor: cisco, model: wireless lan controller, scope: eq, version: 4.1

Trust: 0.6

vendor: cisco, model: wireless lan controller module, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: catalyst series wireless services module, scope: eq, version: 65000

Trust: 0.3

vendor: cisco, model: catalyst series integrated wireless lan cont, scope: eq, version: 37500

Trust: 0.3

vendor: cisco, model: aironet, scope: eq, version: 1500

Trust: 0.3

vendor: cisco, model: aironet, scope: eq, version: 1000

Trust: 0.3

vendor: cisco, model: wireless lan controller, scope: eq, version: 44000

Trust: 0.3

vendor: cisco, model: wireless lan controller, scope: eq, version: 41000

Trust: 0.3

vendor: cisco, model: wireless lan controller, scope: eq, version: 21000

Trust: 0.3

vendor: cisco, model: wireless lan controller, scope: eq, version: 20000

Trust: 0.3

vendor: cisco, model: aironet, scope: ne, version: 1400

Trust: 0.3

vendor: cisco, model: aironet, scope: ne, version: 1300

Trust: 0.3

vendor: cisco, model: aironet 1240ag, scope: ne, version: -

Trust: 0.3

vendor: cisco, model: aironet, scope: ne, version: 1200

Trust: 0.3

vendor: cisco, model: aironet 1130ag, scope: ne, version: -

Trust: 0.3

vendor: cisco, model: aironet, scope: ne, version: 1100

Trust: 0.3

vendor: cisco, model: aironet 1230ag, scope: ne, version: -

Trust: 0.3

sources: BID: 23461 // JVNDB: JVNDB-2007-001823 // NVD: CVE-2007-2036 // CNNVD: CNNVD-200704-276

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2007-2036
value: HIGH

Trust: 1.8

CNNVD: CNNVD-200704-276
value: CRITICAL

Trust: 0.6

VULHUB: VHN-25398
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: TRUE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2007-2036
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-25398
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-25398 // JVNDB: JVNDB-2007-001823 // NVD: CVE-2007-2036 // CNNVD: CNNVD-200704-276

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2036

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200704-276

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200704-276

CONFIGURATIONS

sources: NVD: CVE-2007-2036

PATCH

title: cisco-sa-20070412-wlc, url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20070412-wlc

Trust: 0.8

sources: JVNDB: JVNDB-2007-001823

EXTERNAL IDS

db: NVD, id: CVE-2007-2036

Trust: 2.8

db: BID, id: 23461

Trust: 2.0

db: SECTRACK, id: 1017908

Trust: 1.7

db: VUPEN, id: ADV-2007-1368

Trust: 1.7

db: OSVDB, id: 34134

Trust: 1.7

db: JVNDB, id: JVNDB-2007-001823

Trust: 0.8

db: CNNVD, id: CNNVD-200704-276

Trust: 0.7

db: XF, id: 33604

Trust: 0.6

db: CISCO, id: 20070412 MULTIPLE VULNERABILITIES IN THE CISCO WIRELESS LAN CONTROLLER AND CISCO LIGHTWEIGHT ACCESS POINTS

Trust: 0.6

db: VULHUB, id: VHN-25398

Trust: 0.1

sources: VULHUB: VHN-25398 // BID: 23461 // JVNDB: JVNDB-2007-001823 // NVD: CVE-2007-2036 // CNNVD: CNNVD-200704-276

REFERENCES

url:http://www.securityfocus.com/bid/23461

Trust: 1.7

url:http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml

Trust: 1.7

url:http://www.osvdb.org/34134

Trust: 1.7

url:http://securitytracker.com/id?1017908

Trust: 1.7

url:http://www.vupen.com/english/advisories/2007/1368

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/33604

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2036

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2036

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/33604

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/1368

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:/archive/1/465506

Trust: 0.3

url:http://www.cisco.com/en/us/products/products_security_advisory09186a008081e189.shtml

Trust: 0.3

sources: VULHUB: VHN-25398 // BID: 23461 // JVNDB: JVNDB-2007-001823 // NVD: CVE-2007-2036 // CNNVD: CNNVD-200704-276

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200704-276

SOURCES

db: VULHUB, id: VHN-25398
db: BID, id: 23461
db: JVNDB, id: JVNDB-2007-001823
db: NVD, id: CVE-2007-2036
db: CNNVD, id: CNNVD-200704-276

LAST UPDATE DATE

2023-12-18T12:23:39.122000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-25398, date: 2018-10-30T00:00:00
db: BID, id: 23461, date: 2016-07-06T14:39:00
db: JVNDB, id: JVNDB-2007-001823, date: 2012-06-26T00:00:00
db: NVD, id: CVE-2007-2036, date: 2018-10-30T16:25:08.730
db: CNNVD, id: CNNVD-200704-276, date: 2007-04-18T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-25398, date: 2007-04-16T00:00:00
db: BID, id: 23461, date: 2007-04-12T00:00:00
db: JVNDB, id: JVNDB-2007-001823, date: 2012-06-26T00:00:00
db: NVD, id: CVE-2007-2036, date: 2007-04-16T21:19:00
db: CNNVD, id: CNNVD-200704-276, date: 2007-04-16T00:00:00