Sign-up

ID

VAR-201008-0353


CVE

CVE-2010-2982


TITLE

Cisco UWN Solution Vulnerable to group password discovery

Trust: 0.8

sources: JVNDB: JVNDB-2010-004251

DESCRIPTION

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037. Cisco Unified Wireless Network (UWN) Solution is prone to multiple security vulnerabilities, including denial of service, authentication bypass, information disclosure, unauthorized access, and an unspecified remote vulnerability. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible. Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable. A remote attacker discovers a set of passwords through a series of SNMP requests

Trust: 1.98

sources: NVD: CVE-2010-2982 // JVNDB: JVNDB-2010-004251 // BID: 42387 // VULHUB: VHN-45587

AFFECTED PRODUCTS

vendor:ciscomodel:unified wireless network solution softwarescope:eqversion:7.0

Trust: 1.6

vendor:ciscomodel:unified wireless network solution softwarescope:eqversion:7.0.98.0

Trust: 1.6

vendor:ciscomodel:unified wireless network solutionscope:eqversion:7.0.98.0

Trust: 0.8

vendor:ciscomodel:unified wireless network solutionscope:ltversion:7.x

Trust: 0.8

sources: JVNDB: JVNDB-2010-004251 // CNNVD: CNNVD-201008-078 // NVD: CVE-2010-2982

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-2982
value: HIGH

Trust: 1.0

NVD: CVE-2010-2982
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201008-078
value: HIGH

Trust: 0.6

VULHUB: VHN-45587
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-2982
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-45587
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-45587 // JVNDB: JVNDB-2010-004251 // CNNVD: CNNVD-201008-078 // NVD: CVE-2010-2982

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-45587 // JVNDB: JVNDB-2010-004251 // NVD: CVE-2010-2982

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201008-078

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201008-078

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-004251

PATCH
title:Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 7.0.98.0url:http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-004251

EXTERNAL IDS
db:NVDid:CVE-2010-2982
Trust: 2.8
db:JVNDBid:JVNDB-2010-004251
Trust: 0.8
db:CNNVDid:CNNVD-201008-078
Trust: 0.7
db:BIDid:42387
Trust: 0.3
db:VULHUBid:VHN-45587
Trust: 0.1
sources:
            
            
            VULHUB: VHN-45587 // 
            
            
            
            BID: 42387 // 
            
            
            
            JVNDB: JVNDB-2010-004251 // 
            
            
            
            CNNVD: CNNVD-201008-078 // 
            
            
            
            NVD: CVE-2010-2982

REFERENCES
url:http://www.cisco.com/en/us/docs/wireless/controller/release/notes/crn7.0.html
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2982
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2982
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-45587 // 
            
            
            
            BID: 42387 // 
            
            
            
            JVNDB: JVNDB-2010-004251 // 
            
            
            
            CNNVD: CNNVD-201008-078 // 
            
            
            
            NVD: CVE-2010-2982

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 42387

SOURCES
db:VULHUBid:VHN-45587
db:BIDid:42387
db:JVNDBid:JVNDB-2010-004251
db:CNNVDid:CNNVD-201008-078
db:NVDid:CVE-2010-2982

LAST UPDATE DATE
2025-04-11T22:54:11.878000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-45587date:2010-08-10T00:00:00
db:BIDid:42387date:2010-06-24T00:00:00
db:JVNDBid:JVNDB-2010-004251date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201008-078date:2010-08-13T00:00:00
db:NVDid:CVE-2010-2982date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-45587date:2010-08-10T00:00:00
db:BIDid:42387date:2010-06-24T00:00:00
db:JVNDBid:JVNDB-2010-004251date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201008-078date:2010-08-13T00:00:00
db:NVDid:CVE-2010-2982date:2010-08-10T12:19:10.007