Sign-up

ID

VAR-201008-0349


CVE

CVE-2010-2978


TITLE

Cisco UWN Solution Vulnerable to access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2010-004247

DESCRIPTION

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible. Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable

Trust: 1.98

sources: NVD: CVE-2010-2978 // JVNDB: JVNDB-2010-004247 // BID: 42387 // VULHUB: VHN-45583

AFFECTED PRODUCTS

vendor:ciscomodel:unified wireless network solution softwarescope:eqversion:7.0

Trust: 1.6

vendor:ciscomodel:unified wireless network solution softwarescope:eqversion:7.0.98.0

Trust: 1.6

vendor:ciscomodel:unified wireless network solutionscope:eqversion:7.x to 7.0.98.0

Trust: 0.8

sources: JVNDB: JVNDB-2010-004247 // CNNVD: CNNVD-201008-074 // NVD: CVE-2010-2978

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-2978
value: HIGH

Trust: 1.0

NVD: CVE-2010-2978
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201008-074
value: CRITICAL

Trust: 0.6

VULHUB: VHN-45583
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-2978
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-45583
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-45583 // JVNDB: JVNDB-2010-004247 // CNNVD: CNNVD-201008-074 // NVD: CVE-2010-2978

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-45583 // JVNDB: JVNDB-2010-004247 // NVD: CVE-2010-2978

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201008-074

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201008-074

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-004247

PATCH
title:Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 7.0.98.0url:http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-004247

EXTERNAL IDS
db:NVDid:CVE-2010-2978
Trust: 2.8
db:JVNDBid:JVNDB-2010-004247
Trust: 0.8
db:CNNVDid:CNNVD-201008-074
Trust: 0.7
db:BIDid:42387
Trust: 0.3
db:VULHUBid:VHN-45583
Trust: 0.1
sources:
            
            
            VULHUB: VHN-45583 // 
            
            
            
            BID: 42387 // 
            
            
            
            JVNDB: JVNDB-2010-004247 // 
            
            
            
            CNNVD: CNNVD-201008-074 // 
            
            
            
            NVD: CVE-2010-2978

REFERENCES
url:http://www.cisco.com/en/us/docs/wireless/controller/release/notes/crn7.0.html
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2978
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2978
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-45583 // 
            
            
            
            BID: 42387 // 
            
            
            
            JVNDB: JVNDB-2010-004247 // 
            
            
            
            CNNVD: CNNVD-201008-074 // 
            
            
            
            NVD: CVE-2010-2978

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 42387

SOURCES
db:VULHUBid:VHN-45583
db:BIDid:42387
db:JVNDBid:JVNDB-2010-004247
db:CNNVDid:CNNVD-201008-074
db:NVDid:CVE-2010-2978

LAST UPDATE DATE
2025-04-11T22:54:11.934000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-45583date:2010-08-10T00:00:00
db:BIDid:42387date:2010-06-24T00:00:00
db:JVNDBid:JVNDB-2010-004247date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201008-074date:2010-08-12T00:00:00
db:NVDid:CVE-2010-2978date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-45583date:2010-08-10T00:00:00
db:BIDid:42387date:2010-06-24T00:00:00
db:JVNDBid:JVNDB-2010-004247date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201008-074date:2010-08-12T00:00:00
db:NVDid:CVE-2010-2978date:2010-08-10T12:19:09.910