Sign-up

ID

VAR-201008-0355


CVE

CVE-2010-2984


TITLE

Cisco UWN Solution Vulnerable to access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2010-004253

DESCRIPTION

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible. Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable

Trust: 2.07

sources: NVD: CVE-2010-2984 // JVNDB: JVNDB-2010-004253 // BID: 42387 // VULHUB: VHN-45589 // VULMON: CVE-2010-2984

AFFECTED PRODUCTS

vendor:ciscomodel:unified wireless network solution softwarescope:eqversion:7.0

Trust: 1.6

vendor:ciscomodel:unified wireless network solution softwarescope:eqversion:7.0.98.0

Trust: 1.6

vendor:ciscomodel:unified wireless network solutionscope:ltversion:7.x

Trust: 0.8

vendor:ciscomodel:unified wireless network solutionscope:eqversion:7.0.98.0

Trust: 0.8

vendor:ciscomodel:4404 wireless lan controllerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2010-004253 // CNNVD: CNNVD-201008-080 // NVD: CVE-2010-2984

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-2984
value: HIGH

Trust: 1.0

NVD: CVE-2010-2984
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201008-080
value: CRITICAL

Trust: 0.6

VULHUB: VHN-45589
value: HIGH

Trust: 0.1

VULMON: CVE-2010-2984
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-2984
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-45589
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-45589 // VULMON: CVE-2010-2984 // JVNDB: JVNDB-2010-004253 // CNNVD: CNNVD-201008-080 // NVD: CVE-2010-2984

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2010-004253 // NVD: CVE-2010-2984

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201008-080

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201008-080

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-004253

PATCH
title:Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 7.0.98.0url:http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-004253

EXTERNAL IDS
db:NVDid:CVE-2010-2984
Trust: 2.9
db:JVNDBid:JVNDB-2010-004253
Trust: 0.8
db:CNNVDid:CNNVD-201008-080
Trust: 0.6
db:BIDid:42387
Trust: 0.4
db:VULHUBid:VHN-45589
Trust: 0.1
db:VULMONid:CVE-2010-2984
Trust: 0.1
sources:
            
            
            VULHUB: VHN-45589 // 
            
            
            
            VULMON: CVE-2010-2984 // 
            
            
            
            BID: 42387 // 
            
            
            
            JVNDB: JVNDB-2010-004253 // 
            
            
            
            CNNVD: CNNVD-201008-080 // 
            
            
            
            NVD: CVE-2010-2984

REFERENCES
url:http://www.cisco.com/en/us/docs/wireless/controller/release/notes/crn7.0.html
Trust: 2.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2984
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2984
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/42387
Trust: 0.1
sources:
            
            
            VULHUB: VHN-45589 // 
            
            
            
            VULMON: CVE-2010-2984 // 
            
            
            
            BID: 42387 // 
            
            
            
            JVNDB: JVNDB-2010-004253 // 
            
            
            
            CNNVD: CNNVD-201008-080 // 
            
            
            
            NVD: CVE-2010-2984

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 42387

SOURCES
db:VULHUBid:VHN-45589
db:VULMONid:CVE-2010-2984
db:BIDid:42387
db:JVNDBid:JVNDB-2010-004253
db:CNNVDid:CNNVD-201008-080
db:NVDid:CVE-2010-2984

LAST UPDATE DATE
2025-04-11T22:54:11.688000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-45589date:2010-08-10T00:00:00
db:VULMONid:CVE-2010-2984date:2010-08-10T00:00:00
db:BIDid:42387date:2010-06-24T00:00:00
db:JVNDBid:JVNDB-2010-004253date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201008-080date:2010-08-13T00:00:00
db:NVDid:CVE-2010-2984date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-45589date:2010-08-10T00:00:00
db:VULMONid:CVE-2010-2984date:2010-08-10T00:00:00
db:BIDid:42387date:2010-06-24T00:00:00
db:JVNDBid:JVNDB-2010-004253date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201008-080date:2010-08-13T00:00:00
db:NVDid:CVE-2010-2984date:2010-08-10T12:19:10.067