Sign-up

ID

VAR-201008-0346


CVE

CVE-2010-2975


TITLE

Cisco UWN Solution Password read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-004244

DESCRIPTION

Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible. Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable

Trust: 1.98

sources: NVD: CVE-2010-2975 // JVNDB: JVNDB-2010-004244 // BID: 42387 // VULHUB: VHN-45580

AFFECTED PRODUCTS

vendor:ciscomodel:unified wireless network solution softwarescope:eqversion:7.0

Trust: 1.6

vendor:ciscomodel:unified wireless network solution softwarescope:eqversion:7.0.98.0

Trust: 1.6

vendor:ciscomodel:unified wireless network solutionscope:eqversion:7.x to 7.0.98.0

Trust: 0.8

sources: JVNDB: JVNDB-2010-004244 // CNNVD: CNNVD-201008-071 // NVD: CVE-2010-2975

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-2975
value: LOW

Trust: 1.0

NVD: CVE-2010-2975
value: LOW

Trust: 0.8

CNNVD: CNNVD-201008-071
value: LOW

Trust: 0.6

VULHUB: VHN-45580
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2010-2975
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-45580
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-45580 // JVNDB: JVNDB-2010-004244 // CNNVD: CNNVD-201008-071 // NVD: CVE-2010-2975

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-45580 // JVNDB: JVNDB-2010-004244 // NVD: CVE-2010-2975

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201008-071

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201008-071

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-004244

PATCH
title:Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 7.0.98.0url:http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-004244

EXTERNAL IDS
db:NVDid:CVE-2010-2975
Trust: 2.8
db:JVNDBid:JVNDB-2010-004244
Trust: 0.8
db:CNNVDid:CNNVD-201008-071
Trust: 0.7
db:BIDid:42387
Trust: 0.3
db:VULHUBid:VHN-45580
Trust: 0.1
sources:
            
            
            VULHUB: VHN-45580 // 
            
            
            
            BID: 42387 // 
            
            
            
            JVNDB: JVNDB-2010-004244 // 
            
            
            
            CNNVD: CNNVD-201008-071 // 
            
            
            
            NVD: CVE-2010-2975

REFERENCES
url:http://www.cisco.com/en/us/docs/wireless/controller/release/notes/crn7.0.html
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2975
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2975
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-45580 // 
            
            
            
            BID: 42387 // 
            
            
            
            JVNDB: JVNDB-2010-004244 // 
            
            
            
            CNNVD: CNNVD-201008-071 // 
            
            
            
            NVD: CVE-2010-2975

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 42387

SOURCES
db:VULHUBid:VHN-45580
db:BIDid:42387
db:JVNDBid:JVNDB-2010-004244
db:CNNVDid:CNNVD-201008-071
db:NVDid:CVE-2010-2975

LAST UPDATE DATE
2025-04-11T22:54:11.752000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-45580date:2010-08-10T00:00:00
db:BIDid:42387date:2010-06-24T00:00:00
db:JVNDBid:JVNDB-2010-004244date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201008-071date:2010-08-12T00:00:00
db:NVDid:CVE-2010-2975date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-45580date:2010-08-10T00:00:00
db:BIDid:42387date:2010-06-24T00:00:00
db:JVNDBid:JVNDB-2010-004244date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201008-071date:2010-08-12T00:00:00
db:NVDid:CVE-2010-2975date:2010-08-10T12:18:55.553