Details of VAR-200704-0024

ID

VAR-200704-0024

CVE

CVE-2007-2040

TITLE

Cisco Aironet Vulnerable to arbitrary operations on devices

Trust: 0.8

sources: JVNDB: JVNDB-2007-001827

DESCRIPTION

Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN's ACLs from being installed. An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). This service account is only accessible through a physical connection to the console port, but the password is the same for all devices in these families. This vulnerability is documented in Cisco Bug ID as CSCsg15192

Trust: 1.98

sources: NVD: CVE-2007-2040 // JVNDB: JVNDB-2007-001827 // BID: 23461 // VULHUB: VHN-25402

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless lan controller software	scope:	gte	version:	3.2	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	3.2.185.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	4.0.206.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	gte	version:	4.0	Trust: 1.0
vendor:	cisco	model:	aironet 350 series	scope:	eq	version:	1000 series 1500 series lightweight access points	Trust: 0.8
vendor:	cisco	model:	wireless lan controller	scope:	lt	version:	3.2.185.0	Trust: 0.8
vendor:	cisco	model:	aironet	scope:	eq	version:	1000-series	Trust: 0.6
vendor:	cisco	model:	aironet	scope:	eq	version:	1500-series	Trust: 0.6
vendor:	cisco	model:	wireless lan controller module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst series wireless services module	scope:	eq	version:	65000	Trust: 0.3
vendor:	cisco	model:	catalyst series integrated wireless lan cont	scope:	eq	version:	37500	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	eq	version:	1500	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	eq	version:	1000	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	44000	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	41000	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	21000	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	20000	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	ne	version:	1400	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	ne	version:	1300	Trust: 0.3
vendor:	cisco	model:	aironet 1240ag	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	ne	version:	1200	Trust: 0.3
vendor:	cisco	model:	aironet 1130ag	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	aironet	scope:	ne	version:	1100	Trust: 0.3
vendor:	cisco	model:	aironet 1230ag	scope:	ne	version:	-	Trust: 0.3

sources: BID: 23461 // JVNDB: JVNDB-2007-001827 // NVD: CVE-2007-2040 // CNNVD: CNNVD-200704-265

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2007-2040
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-200704-265
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-25402
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	TRUE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2007-2040
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-25402
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-25402 // JVNDB: JVNDB-2007-001827 // NVD: CVE-2007-2040 // CNNVD: CNNVD-200704-265

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2040

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200704-265

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200704-265

CONFIGURATIONS

sources: NVD: CVE-2007-2040

PATCH

title:	cisco-sa-20070412-wlc	url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20070412-wlc	Trust: 0.8
title:	Cisco wireless Lan Controller light AP Fixes for hard-coded service password security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96762	Trust: 0.6

sources: JVNDB: JVNDB-2007-001827 // CNNVD: CNNVD-200704-265

EXTERNAL IDS

db:	NVD	id:	CVE-2007-2040	Trust: 2.8
db:	BID	id:	23461	Trust: 2.0
db:	SECTRACK	id:	1017908	Trust: 1.7
db:	OSVDB	id:	34133	Trust: 1.7
db:	VUPEN	id:	ADV-2007-1368	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001827	Trust: 0.8
db:	CNNVD	id:	CNNVD-200704-265	Trust: 0.7
db:	VULHUB	id:	VHN-25402	Trust: 0.1

sources: VULHUB: VHN-25402 // BID: 23461 // JVNDB: JVNDB-2007-001827 // NVD: CVE-2007-2040 // CNNVD: CNNVD-200704-265

REFERENCES

url:	http://www.securityfocus.com/bid/23461	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml	Trust: 1.7
url:	http://www.osvdb.org/34133	Trust: 1.7
url:	http://securitytracker.com/id?1017908	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/1368	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/33610	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2040	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2040	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	/archive/1/465506	Trust: 0.3
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a008081e189.shtml	Trust: 0.3

sources: VULHUB: VHN-25402 // BID: 23461 // JVNDB: JVNDB-2007-001827 // NVD: CVE-2007-2040 // CNNVD: CNNVD-200704-265

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200704-265

SOURCES

db:	VULHUB	id:	VHN-25402
db:	BID	id:	23461
db:	JVNDB	id:	JVNDB-2007-001827
db:	NVD	id:	CVE-2007-2040
db:	CNNVD	id:	CNNVD-200704-265

LAST UPDATE DATE

2023-12-18T12:23:38.665000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-25402	date:	2019-08-14T00:00:00
db:	BID	id:	23461	date:	2016-07-06T14:39:00
db:	JVNDB	id:	JVNDB-2007-001827	date:	2012-06-26T00:00:00
db:	NVD	id:	CVE-2007-2040	date:	2019-08-14T11:28:41.370
db:	CNNVD	id:	CNNVD-200704-265	date:	2019-08-15T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-25402	date:	2007-04-16T00:00:00
db:	BID	id:	23461	date:	2007-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2007-001827	date:	2012-06-26T00:00:00
db:	NVD	id:	CVE-2007-2040	date:	2007-04-16T21:19:00
db:	CNNVD	id:	CNNVD-200704-265	date:	2007-04-16T00:00:00