Sign-up

ID

VAR-201008-0347


CVE

CVE-2010-2976


TITLE

Cisco UWN Solution Vulnerabilities that allow access rights to be acquired in other controllers

Trust: 0.8

sources: JVNDB: JVNDB-2010-004245

DESCRIPTION

The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access. Cisco Unified Wireless Network (UWN) Solution There is a vulnerability in which access rights can be obtained because of the following controller. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible

Trust: 1.98

sources: NVD: CVE-2010-2976 // JVNDB: JVNDB-2010-004245 // BID: 42387 // VULHUB: VHN-45581

AFFECTED PRODUCTS

vendor:ciscomodel:unified wireless network solution softwarescope:eqversion:7.0

Trust: 1.6

vendor:ciscomodel:unified wireless network solution softwarescope:eqversion:7.0.98.0

Trust: 1.6

vendor:ciscomodel:unified wireless network solutionscope:eqversion:7.x to 7.0.98.0

Trust: 0.8

sources: JVNDB: JVNDB-2010-004245 // CNNVD: CNNVD-201008-072 // NVD: CVE-2010-2976

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-2976
value: HIGH

Trust: 1.0

NVD: CVE-2010-2976
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201008-072
value: CRITICAL

Trust: 0.6

VULHUB: VHN-45581
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-2976
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-45581
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-45581 // JVNDB: JVNDB-2010-004245 // CNNVD: CNNVD-201008-072 // NVD: CVE-2010-2976

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-45581 // JVNDB: JVNDB-2010-004245 // NVD: CVE-2010-2976

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201008-072

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201008-072

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-004245

PATCH
title:Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 7.0.98.0url:http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-004245

EXTERNAL IDS
db:NVDid:CVE-2010-2976
Trust: 2.8
db:JVNDBid:JVNDB-2010-004245
Trust: 0.8
db:CNNVDid:CNNVD-201008-072
Trust: 0.7
db:BIDid:42387
Trust: 0.3
db:VULHUBid:VHN-45581
Trust: 0.1
sources:
            
            
            VULHUB: VHN-45581 // 
            
            
            
            BID: 42387 // 
            
            
            
            JVNDB: JVNDB-2010-004245 // 
            
            
            
            CNNVD: CNNVD-201008-072 // 
            
            
            
            NVD: CVE-2010-2976

REFERENCES
url:http://www.cisco.com/en/us/docs/wireless/controller/release/notes/crn7.0.html
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2976
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2976
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-45581 // 
            
            
            
            BID: 42387 // 
            
            
            
            JVNDB: JVNDB-2010-004245 // 
            
            
            
            CNNVD: CNNVD-201008-072 // 
            
            
            
            NVD: CVE-2010-2976

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 42387

SOURCES
db:VULHUBid:VHN-45581
db:BIDid:42387
db:JVNDBid:JVNDB-2010-004245
db:CNNVDid:CNNVD-201008-072
db:NVDid:CVE-2010-2976

LAST UPDATE DATE
2025-04-11T22:54:11.782000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-45581date:2010-08-10T00:00:00
db:BIDid:42387date:2010-06-24T00:00:00
db:JVNDBid:JVNDB-2010-004245date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201008-072date:2010-08-12T00:00:00
db:NVDid:CVE-2010-2976date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-45581date:2010-08-10T00:00:00
db:BIDid:42387date:2010-06-24T00:00:00
db:JVNDBid:JVNDB-2010-004245date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201008-072date:2010-08-12T00:00:00
db:NVDid:CVE-2010-2976date:2010-08-10T12:19:09.850