Sign-up

ID

VAR-200707-0187


CVE

CVE-2007-4011


TITLE

Cisco 4100 Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-002410

DESCRIPTION

Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841. Cisco Wireless LAN Controller (WLC) is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to crash the device, denying service to legitimate users. These issues affect Cisco Wireless LAN Control 3.2, 4.0, and 4.1; other versions may also be affected. Cisco Wireless LAN Controllers (WLCs) provide real-time communication between lightweight access points and other wireless-providing LAN controllers to perform centralized system-wide WLAN configuration and management functions. Vulnerable WLCs may mishandle unicast ARP requests from wireless clients, causing ARP storms. Both WLCs attached to the same set of Layer 2 VLANs must have wireless client contexts for this vulnerability to be exposed. This happens after using layer 3 (inter-subnet) roaming or when using guest WLAN (auto-anchor). This allows a second WLC to reprocess the ARP request and incorrectly re-forward the inclusion back to the network. This vulnerability is documented as CSCsj69233. In the case of Layer 3 (L3) roaming, wireless clients move from one controller to another, and the wireless LAN interfaces configured on different controllers are in different IP subnets. In this case, the unicast ARP may not be tunneled back to the anchor controller, but sent by the external controller to its native VLAN. This vulnerability is documented as CSCsj70841

Trust: 1.98

sources: NVD: CVE-2007-4011 // JVNDB: JVNDB-2007-002410 // BID: 25043 // VULHUB: VHN-27373

AFFECTED PRODUCTS

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:4.1

Trust: 1.0

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:4.0

Trust: 1.0

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:3.2.116.21

Trust: 1.0

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:3.2

Trust: 1.0

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:4.0.155.0

Trust: 1.0

vendor:ciscomodel:4400 series wireless lan controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:wireless lan controllerscope:ltversion:4.0

Trust: 0.8

vendor:ciscomodel:wireless lan controllerscope:ltversion:4.1

Trust: 0.8

vendor:ciscomodel:airespace 4000 series wireless lan controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:catalyst 3750 seriesscope: - version: -

Trust: 0.8

vendor:ciscomodel:wireless lan controllerscope:eqversion:20070727

Trust: 0.8

vendor:ciscomodel:wireless lan controllerscope:eqversion:4.1.180.0

Trust: 0.8

vendor:ciscomodel:catalyst 6500 seriesscope: - version: -

Trust: 0.8

vendor:ciscomodel:4100 series wireless lan controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:catalyst 6500scope: - version: -

Trust: 0.6

vendor:ciscomodel:4400 wireless lan controllerscope: - version: -

Trust: 0.6

vendor:ciscomodel:catalyst 3750scope: - version: -

Trust: 0.6

vendor:ciscomodel:4100 wireless lan controllerscope: - version: -

Trust: 0.6

vendor:ciscomodel:airespace 4000 wireless lan controllerscope: - version: -

Trust: 0.6

vendor:ciscomodel:wireless lan controlscope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:wireless lan controlscope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:wireless lan controlscope:eqversion:3.2

Trust: 0.3

sources: BID: 25043 // JVNDB: JVNDB-2007-002410 // NVD: CVE-2007-4011 // CNNVD: CNNVD-200707-466

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2007-4011
value: HIGH

Trust: 1.8

CNNVD: CNNVD-200707-466
value: HIGH

Trust: 0.6

VULHUB: VHN-27373
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2007-4011
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-27373
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-27373 // JVNDB: JVNDB-2007-002410 // NVD: CVE-2007-4011 // CNNVD: CNNVD-200707-466

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-4011

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-466

TYPE

Design Error

Trust: 0.9

sources: BID: 25043 // CNNVD: CNNVD-200707-466

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2007-4011

PATCH
title:cisco-sa-20070724-arpurl:http://www.cisco.com/en/us/products/csa/cisco-sa-20070724-arp.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-002410

EXTERNAL IDS
db:NVDid:CVE-2007-4011
Trust: 2.8
db:BIDid:25043
Trust: 2.0
db:SECTRACKid:1018444
Trust: 1.7
db:VUPENid:ADV-2007-2636
Trust: 1.7
db:SECUNIAid:26161
Trust: 1.7
db:JVNDBid:JVNDB-2007-002410
Trust: 0.8
db:CNNVDid:CNNVD-200707-466
Trust: 0.7
db:XFid:35576
Trust: 0.6
db:CISCOid:20070724 WIRELESS ARP STORM VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-27373
Trust: 0.1
sources:
            
            
            VULHUB: VHN-27373 // 
            
            
            
            BID: 25043 // 
            
            
            
            JVNDB: JVNDB-2007-002410 // 
            
            
            
            NVD: CVE-2007-4011 // 
            
            
            
            CNNVD: CNNVD-200707-466

REFERENCES
url:http://www.cisco.com/en/us/products/products_security_advisory09186a008088ab28.shtml
Trust: 2.0
url:http://www.securityfocus.com/bid/25043
Trust: 1.7
url:http://www.securitytracker.com/id?1018444
Trust: 1.7
url:http://secunia.com/advisories/26161
Trust: 1.7
url:http://www.vupen.com/english/advisories/2007/2636
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35576
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4011
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4011
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2007/2636
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/35576
Trust: 0.6
url:http://www.cisco.com/en/us/products/ps6307/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-27373 // 
            
            
            
            BID: 25043 // 
            
            
            
            JVNDB: JVNDB-2007-002410 // 
            
            
            
            NVD: CVE-2007-4011 // 
            
            
            
            CNNVD: CNNVD-200707-466

CREDITS
Cisco Security bulletin
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200707-466

SOURCES
db:VULHUBid:VHN-27373
db:BIDid:25043
db:JVNDBid:JVNDB-2007-002410
db:NVDid:CVE-2007-4011
db:CNNVDid:CNNVD-200707-466

LAST UPDATE DATE
2023-12-18T12:23:32.007000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-27373date:2018-10-30T00:00:00
db:BIDid:25043date:2016-07-05T22:00:00
db:JVNDBid:JVNDB-2007-002410date:2012-06-26T00:00:00
db:NVDid:CVE-2007-4011date:2018-10-30T16:25:33.620
db:CNNVDid:CNNVD-200707-466date:2007-07-26T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-27373date:2007-07-26T00:00:00
db:BIDid:25043date:2007-07-24T00:00:00
db:JVNDBid:JVNDB-2007-002410date:2012-06-26T00:00:00
db:NVDid:CVE-2007-4011date:2007-07-26T00:30:00
db:CNNVDid:CNNVD-200707-466date:2007-07-25T00:00:00