Details of VAR-200704-0023

ID

VAR-200704-0023

CVE

CVE-2007-2039

TITLE

Cisco WLC of NPU Denial of service in Japan (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-001826

DESCRIPTION

The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN's ACLs from being installed. An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). Multiple NPU Lock-Up Vulnerabilities +----------------------------- The Network Processing Unit (NPU) is responsible for handling communication in the WLC. One or more NPUs may lock up if certain types of traffic are sent to the affected WLC. These communications include specially crafted SNAP packets, malformed 802.11 communications, and packets with unexpected length values in some headers. Each NPU operates independently, servicing two physical ports on the WLC, and locking one NPU does not affect the other, so the number of NPUs available and device configuration determine whether these vulnerabilities can result in partial or complete inability to forward traffic. If you want to clear the NPU lock, you must restart the WLC. If a lockout prevents access to the management interface, a reboot must be performed through the console port or the service port. These vulnerabilities are documented in Cisco Bug IDs as CSCsg36361, CSCsg15901, and CSCsh10841

Trust: 2.07

sources: NVD: CVE-2007-2039 // JVNDB: JVNDB-2007-001826 // BID: 23461 // VULHUB: VHN-25401 // VULMON: CVE-2007-2039

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	4.1.171.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	gte	version:	4.1	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	gte	version:	4.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	gte	version:	3.2	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	4.0.206.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	3.2.171.5	Trust: 1.0
vendor:	cisco	model:	wireless lan controller	scope:	lt	version:	4.0.x	Trust: 0.8
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.0.206.0	Trust: 0.8
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.1.x	Trust: 0.8
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.0	Trust: 0.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.2	Trust: 0.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	3.2.116.21	Trust: 0.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.1	Trust: 0.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.1	Trust: 0.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	4.0.155.0	Trust: 0.6
vendor:	cisco	model:	wireless lan controller module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst series wireless services module	scope:	eq	version:	65000	Trust: 0.3
vendor:	cisco	model:	catalyst series integrated wireless lan cont	scope:	eq	version:	37500	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	eq	version:	1500	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	eq	version:	1000	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	44000	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	41000	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	21000	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	20000	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	ne	version:	1400	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	ne	version:	1300	Trust: 0.3
vendor:	cisco	model:	aironet 1240ag	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	ne	version:	1200	Trust: 0.3
vendor:	cisco	model:	aironet 1130ag	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	ne	version:	1100	Trust: 0.3
vendor:	cisco	model:	aironet 1230ag	scope:	ne	version:	-	Trust: 0.3

sources: BID: 23461 // JVNDB: JVNDB-2007-001826 // NVD: CVE-2007-2039 // CNNVD: CNNVD-200704-281

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2007-2039
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-200704-281
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-25401
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2007-2039
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2007-2039
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9
VULHUB:	VHN-25401
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-25401 // VULMON: CVE-2007-2039 // JVNDB: JVNDB-2007-001826 // NVD: CVE-2007-2039 // CNNVD: CNNVD-200704-281

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.1

sources: VULHUB: VHN-25401 // NVD: CVE-2007-2039

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-200704-281

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200704-281

CONFIGURATIONS

sources: NVD: CVE-2007-2039

PATCH

title:

cisco-sa-20070412-wlc

url:

http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20070412-wlc

Trust: 0.8

sources: JVNDB: JVNDB-2007-001826

EXTERNAL IDS

db:	NVD	id:	CVE-2007-2039	Trust: 2.9
db:	BID	id:	23461	Trust: 2.1
db:	SECTRACK	id:	1017908	Trust: 1.8
db:	OSVDB	id:	34137	Trust: 1.8
db:	OSVDB	id:	34139	Trust: 1.8
db:	VUPEN	id:	ADV-2007-1368	Trust: 1.8
db:	JVNDB	id:	JVNDB-2007-001826	Trust: 0.8
db:	CNNVD	id:	CNNVD-200704-281	Trust: 0.7
db:	CISCO	id:	20070412 MULTIPLE VULNERABILITIES IN THE CISCO WIRELESS LAN CONTROLLER AND CISCO LIGHTWEIGHT ACCESS POINTS	Trust: 0.6
db:	XF	id:	33609	Trust: 0.6
db:	VULHUB	id:	VHN-25401	Trust: 0.1
db:	VULMON	id:	CVE-2007-2039	Trust: 0.1

sources: VULHUB: VHN-25401 // VULMON: CVE-2007-2039 // BID: 23461 // JVNDB: JVNDB-2007-001826 // NVD: CVE-2007-2039 // CNNVD: CNNVD-200704-281

REFERENCES

url:	http://www.securityfocus.com/bid/23461	Trust: 1.8
url:	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml	Trust: 1.8
url:	http://www.osvdb.org/34137	Trust: 1.8
url:	http://www.osvdb.org/34139	Trust: 1.8
url:	http://securitytracker.com/id?1017908	Trust: 1.8
url:	http://www.vupen.com/english/advisories/2007/1368	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/33609	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2039	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2039	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/33609	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/1368	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	/archive/1/465506	Trust: 0.3
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a008081e189.shtml	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/399.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=13047	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-25401 // VULMON: CVE-2007-2039 // BID: 23461 // JVNDB: JVNDB-2007-001826 // NVD: CVE-2007-2039 // CNNVD: CNNVD-200704-281

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200704-281

SOURCES

db:	VULHUB	id:	VHN-25401
db:	VULMON	id:	CVE-2007-2039
db:	BID	id:	23461
db:	JVNDB	id:	JVNDB-2007-001826
db:	NVD	id:	CVE-2007-2039
db:	CNNVD	id:	CNNVD-200704-281

LAST UPDATE DATE

2023-12-18T12:23:39.192000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-25401	date:	2018-11-01T00:00:00
db:	VULMON	id:	CVE-2007-2039	date:	2018-11-01T00:00:00
db:	BID	id:	23461	date:	2016-07-06T14:39:00
db:	JVNDB	id:	JVNDB-2007-001826	date:	2012-06-26T00:00:00
db:	NVD	id:	CVE-2007-2039	date:	2018-11-01T16:55:29.147
db:	CNNVD	id:	CNNVD-200704-281	date:	2007-04-18T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-25401	date:	2007-04-16T00:00:00
db:	VULMON	id:	CVE-2007-2039	date:	2007-04-16T00:00:00
db:	BID	id:	23461	date:	2007-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2007-001826	date:	2012-06-26T00:00:00
db:	NVD	id:	CVE-2007-2039	date:	2007-04-16T21:19:00
db:	CNNVD	id:	CNNVD-200704-281	date:	2007-04-16T00:00:00