Details of VAR-200707-0188

ID

VAR-200707-0188

CVE

CVE-2007-4012

TITLE

Cisco 4100 Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-002411

DESCRIPTION

Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374. Cisco Wireless LAN Controller (WLC) is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to crash the device, denying service to legitimate users. These issues affect Cisco Wireless LAN Control 3.2, 4.0, and 4.1; other versions may also be affected. Cisco Wireless LAN Controllers (WLCs) provide real-time communication between lightweight access points and other wireless-providing LAN controllers to perform centralized system-wide WLAN configuration and management functions. There is a vulnerability in the WLC's handling of unicast ARP traffic, and the LAN link between the wireless LAN controllers in the mobility group may be flooded with unicast ARP requests. Vulnerable WLCs may mishandle unicast ARP requests from wireless clients, causing ARP storms. Both WLCs attached to the same set of Layer 2 VLANs must have wireless client contexts for this vulnerability to be exposed. This happens after using layer 3 (inter-subnet) roaming or when using guest WLAN (auto-anchor). If multiple WLCs are installed on the corresponding VLAN, it will cause an ARP storm. This vulnerability is documented as CSCsj50374

Trust: 1.98

sources: NVD: CVE-2007-4012 // JVNDB: JVNDB-2007-002411 // BID: 25043 // VULHUB: VHN-27374

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	3.2.116.21	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	3.2	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	4.0.155.0	Trust: 1.0
vendor:	cisco	model:	4400 series wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	software 4.1.180.0	Trust: 0.8
vendor:	cisco	model:	wireless lan controller	scope:	lt	version:	4.1	Trust: 0.8
vendor:	cisco	model:	airespace 4000 series wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	catalyst 3750 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	catalyst 6500 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	4100 series wireless lan controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	catalyst 6500	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	4400 wireless lan controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 3750	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	4100 wireless lan controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	airespace 4000 wireless lan controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	wireless lan control	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	wireless lan control	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	wireless lan control	scope:	eq	version:	3.2	Trust: 0.3

sources: BID: 25043 // JVNDB: JVNDB-2007-002411 // NVD: CVE-2007-4012 // CNNVD: CNNVD-200707-440

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2007-4012
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-200707-440
value:	HIGH
Trust: 0.6
VULHUB:	VHN-27374
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2007-4012
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-27374
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-27374 // JVNDB: JVNDB-2007-002411 // NVD: CVE-2007-4012 // CNNVD: CNNVD-200707-440

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-4012

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-440

TYPE

Design Error

Trust: 0.9

sources: BID: 25043 // CNNVD: CNNVD-200707-440

CONFIGURATIONS

sources: NVD: CVE-2007-4012

PATCH

title:

cisco-sa-20070724-arp

url:

http://www.cisco.com/en/us/products/csa/cisco-sa-20070724-arp.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-002411

EXTERNAL IDS

db:	NVD	id:	CVE-2007-4012	Trust: 2.8
db:	BID	id:	25043	Trust: 2.0
db:	SECTRACK	id:	1018444	Trust: 1.7
db:	VUPEN	id:	ADV-2007-2636	Trust: 1.7
db:	SECUNIA	id:	26161	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002411	Trust: 0.8
db:	XF	id:	35576	Trust: 0.6
db:	XF	id:	44591	Trust: 0.6
db:	CISCO	id:	20070724 WIRELESS ARP STORM VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-200707-440	Trust: 0.6
db:	VULHUB	id:	VHN-27374	Trust: 0.1

sources: VULHUB: VHN-27374 // BID: 25043 // JVNDB: JVNDB-2007-002411 // NVD: CVE-2007-4012 // CNNVD: CNNVD-200707-440

REFERENCES

url:	http://www.cisco.com/en/us/products/products_security_advisory09186a008088ab28.shtml	Trust: 2.0
url:	http://www.securityfocus.com/bid/25043	Trust: 1.7
url:	http://www.securitytracker.com/id?1018444	Trust: 1.7
url:	http://secunia.com/advisories/26161	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/2636	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/35576	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/44591	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4012	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4012	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/2636	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/44591	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/35576	Trust: 0.6
url:	http://www.cisco.com/en/us/products/ps6307/index.html	Trust: 0.3

sources: VULHUB: VHN-27374 // BID: 25043 // JVNDB: JVNDB-2007-002411 // NVD: CVE-2007-4012 // CNNVD: CNNVD-200707-440

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200707-440

SOURCES

db:	VULHUB	id:	VHN-27374
db:	BID	id:	25043
db:	JVNDB	id:	JVNDB-2007-002411
db:	NVD	id:	CVE-2007-4012
db:	CNNVD	id:	CNNVD-200707-440

LAST UPDATE DATE

2023-12-18T12:23:32.489000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-27374	date:	2018-10-30T00:00:00
db:	BID	id:	25043	date:	2016-07-05T22:00:00
db:	JVNDB	id:	JVNDB-2007-002411	date:	2012-06-26T00:00:00
db:	NVD	id:	CVE-2007-4012	date:	2018-10-30T16:25:33.620
db:	CNNVD	id:	CNNVD-200707-440	date:	2007-07-26T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-27374	date:	2007-07-26T00:00:00
db:	BID	id:	25043	date:	2007-07-24T00:00:00
db:	JVNDB	id:	JVNDB-2007-002411	date:	2012-06-26T00:00:00
db:	NVD	id:	CVE-2007-4012	date:	2007-07-26T00:30:00
db:	CNNVD	id:	CNNVD-200707-440	date:	2007-07-25T00:00:00