Details of VAR-200704-0022

ID

VAR-200704-0022

CVE

CVE-2007-2038

TITLE

Cisco WLC of NPU Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-001825

DESCRIPTION

The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN's ACLs from being installed. An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). Multiple NPU Lock-Up Vulnerabilities +----------------------------- The Network Processing Unit (NPU) is responsible for handling communication in the WLC. One or more NPUs may lock up if certain types of traffic are sent to the affected WLC. These communications include specially crafted SNAP packets, malformed 802.11 communications, and packets with unexpected length values in some headers. Each NPU operates independently, servicing two physical ports on the WLC, and locking one NPU does not affect the other, so the number of NPUs available and device configuration determine whether these vulnerabilities can result in partial or complete inability to forward traffic. If you want to clear the NPU lock, you must restart the WLC. If a lockout prevents access to the management interface, a reboot must be performed through the console port or the service port. These vulnerabilities are documented in Cisco Bug IDs as CSCsg36361, CSCsg15901, and CSCsh10841

Trust: 1.98

sources: NVD: CVE-2007-2038 // JVNDB: JVNDB-2007-001825 // BID: 23461 // VULHUB: VHN-25400

AFFECTED PRODUCTS

vendor:	cisco	model:	4400 wireless lan controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	2000 wireless lan controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	2100 wireless lan controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	4100 wireless lan controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	2100 series wireless lan controller	scope:	eq	version:	4.0.206.0	Trust: 0.8
vendor:	cisco	model:	2000 series wireless lan controller	scope:	eq	version:	4.1.x	Trust: 0.8
vendor:	cisco	model:	4100 series wireless lan controller	scope:	eq	version:	4.0.206.0	Trust: 0.8
vendor:	cisco	model:	4100 series wireless lan controller	scope:	lt	version:	4.0.x	Trust: 0.8
vendor:	cisco	model:	2000 series wireless lan controller	scope:	lt	version:	4.0.x	Trust: 0.8
vendor:	cisco	model:	2100 series wireless lan controller	scope:	lt	version:	4.0.x	Trust: 0.8
vendor:	cisco	model:	4400 series wireless lan controller	scope:	eq	version:	4.0.206.0	Trust: 0.8
vendor:	cisco	model:	4100 series wireless lan controller	scope:	eq	version:	4.1.x	Trust: 0.8
vendor:	cisco	model:	2100 series wireless lan controller	scope:	eq	version:	4.1.x	Trust: 0.8
vendor:	cisco	model:	4400 series wireless lan controller	scope:	lt	version:	4.0.x	Trust: 0.8
vendor:	cisco	model:	4400 series wireless lan controller	scope:	eq	version:	4.1.x	Trust: 0.8
vendor:	cisco	model:	2000 series wireless lan controller	scope:	eq	version:	4.0.206.0	Trust: 0.8
vendor:	cisco	model:	4400 wireless lan controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	2000 wireless lan controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	2100 wireless lan controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	4100 wireless lan controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	wireless lan controller module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst series wireless services module	scope:	eq	version:	65000	Trust: 0.3
vendor:	cisco	model:	catalyst series integrated wireless lan cont	scope:	eq	version:	37500	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	eq	version:	1500	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	eq	version:	1000	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	44000	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	41000	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	21000	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	20000	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	ne	version:	1400	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	ne	version:	1300	Trust: 0.3
vendor:	cisco	model:	aironet 1240ag	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	ne	version:	1200	Trust: 0.3
vendor:	cisco	model:	aironet 1130ag	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	ne	version:	1100	Trust: 0.3
vendor:	cisco	model:	aironet 1230ag	scope:	ne	version:	-	Trust: 0.3

sources: BID: 23461 // JVNDB: JVNDB-2007-001825 // NVD: CVE-2007-2038 // CNNVD: CNNVD-200704-266

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2007-2038
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-200704-266
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-25400
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2007-2038
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-25400
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-25400 // JVNDB: JVNDB-2007-001825 // NVD: CVE-2007-2038 // CNNVD: CNNVD-200704-266

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2038

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-200704-266

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200704-266

CONFIGURATIONS

sources: NVD: CVE-2007-2038

PATCH

title:

cisco-sa-20070412-wlc

url:

http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20070412-wlc

Trust: 0.8

sources: JVNDB: JVNDB-2007-001825

EXTERNAL IDS

db:	NVD	id:	CVE-2007-2038	Trust: 2.8
db:	BID	id:	23461	Trust: 2.0
db:	SECTRACK	id:	1017908	Trust: 1.7
db:	OSVDB	id:	34136	Trust: 1.7
db:	VUPEN	id:	ADV-2007-1368	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001825	Trust: 0.8
db:	CNNVD	id:	CNNVD-200704-266	Trust: 0.7
db:	CISCO	id:	20070412 MULTIPLE VULNERABILITIES IN THE CISCO WIRELESS LAN CONTROLLER AND CISCO LIGHTWEIGHT ACCESS POINTS	Trust: 0.6
db:	XF	id:	33609	Trust: 0.6
db:	VULHUB	id:	VHN-25400	Trust: 0.1

sources: VULHUB: VHN-25400 // BID: 23461 // JVNDB: JVNDB-2007-001825 // NVD: CVE-2007-2038 // CNNVD: CNNVD-200704-266

REFERENCES

url:	http://www.securityfocus.com/bid/23461	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml	Trust: 1.7
url:	http://www.osvdb.org/34136	Trust: 1.7
url:	http://securitytracker.com/id?1017908	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/1368	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/33609	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2038	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2038	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/1368	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/33609	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	/archive/1/465506	Trust: 0.3
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a008081e189.shtml	Trust: 0.3

sources: VULHUB: VHN-25400 // BID: 23461 // JVNDB: JVNDB-2007-001825 // NVD: CVE-2007-2038 // CNNVD: CNNVD-200704-266

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200704-266

SOURCES

db:	VULHUB	id:	VHN-25400
db:	BID	id:	23461
db:	JVNDB	id:	JVNDB-2007-001825
db:	NVD	id:	CVE-2007-2038
db:	CNNVD	id:	CNNVD-200704-266

LAST UPDATE DATE

2023-12-18T12:23:38.590000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-25400	date:	2017-07-29T00:00:00
db:	BID	id:	23461	date:	2016-07-06T14:39:00
db:	JVNDB	id:	JVNDB-2007-001825	date:	2012-06-26T00:00:00
db:	NVD	id:	CVE-2007-2038	date:	2017-07-29T01:31:11.830
db:	CNNVD	id:	CNNVD-200704-266	date:	2007-04-18T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-25400	date:	2007-04-16T00:00:00
db:	BID	id:	23461	date:	2007-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2007-001825	date:	2012-06-26T00:00:00
db:	NVD	id:	CVE-2007-2038	date:	2007-04-16T21:19:00
db:	CNNVD	id:	CNNVD-200704-266	date:	2007-04-16T00:00:00