cvelistv5 - CVE-2007-2038

CVE-2007-2038 (GCVE-0-2007-2038)

Vulnerability from cvelistv5

Published

2007-04-16 21:00

Modified

2024-08-07 13:23

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-7vw2-4wvp-q8jh

Vulnerability from github

Published

2022-05-01 17:59

Modified

2022-05-01 17:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2038"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-04-16T21:19:00Z",
    "severity": "MODERATE"
  },
  "details": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361.",
  "id": "GHSA-7vw2-4wvp-q8jh",
  "modified": "2022-05-01T17:59:24Z",
  "published": "2022-05-01T17:59:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2038"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017908"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/34136"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23461"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1368"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

De multiples vulnérabilités ont été identifiées dans deux applications utilisées avec des produits sans-fil Cisco : le Cisco Wireless LAN Controller (WLC) et le Cisco Wireless Control System (WCS). Les conséquences de l'exploitation de celles-ci sont variées, incluant un déni de service du point d'accès, un accès illégitime à la configuration (lecture et écriture), ou une élévation de privilèges.

Description

Cisco Wireless LAN Controller (WLC) est une application qui permet d'administrer les points d'accès Cisco (Aironet), par le biais du protocole LWAPP (pour Lightweight Access Point Protocol. Parmi les vulnérabilités :

les paramètres de connexion SNMP sont les valeurs connues public et private. Cette vulnérabilité permet donc à une personne malveillante distante d'utiliser ces paramètres pour lire et modifier la configuration de WLC via SNMP.
le NPU (Network Processing Unit) de WLC ne manipulerait pas correctement certains paquets (802.11 ou SNAP par exemple), pouvant perturber le fonctionnement du système.
un compte d'administration serait imposé et non modifiable. Une personne malveillante pourrait donc utiliser ce compte, par un accès physique sur un port console, pour prendre le contrôle total du système.
les listes de contrôle d'accès ne sont pas maintenues après le redémarrage du système.

Cisco Wireless Control System (WCS) fournit à d'autres systèmes Cisco un ensemble d'outils de gestion et d'administration. Parmi les vulnérabilités le concernant :

un compte FTP serait non modifiable ni désactivable. Une personne malveillante pourrait ainsi accéder à des fichiers arbitraires hébergeant cette application.
Le système d'authentification permettrait sous certaines conditions à un utilisateur d'élever ses privilèges à ceux de l'administrateur (SuperUsers).
Certaines pages de WCS seraient accessibles sans demande de mot de passe, par tout utilisateur, même non authentifié. Cette vulnérabilité permettrait ainsi de récupérer des informations sur la topologie du réseau, la position des points d'accès, etc.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Catalyst 6500 Series Wireless Service Module (WiSM)
Cisco	N/A	Cisco 2100 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless Control System (WCS) pour les versions antérieures à 4.0.96.0 (incluse) ;
Cisco	N/A	Cisco Aironet 1000 Series
Cisco	N/A	Cisco Aironet 1500 Series
Cisco	N/A	Cisco 4400 Series Wireless LAN Controllers
Cisco	N/A	l'application Cisco Wireless LAN Controller (WLC) pour les versions antérieures à 4.0 et 3.2 (incluses) ;
Cisco	N/A	Cisco Wireless LAN Controller Module
Cisco	N/A	Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

References

Title

Publication Time

var-200704-0022

Vulnerability from variot

The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN's ACLs from being installed. An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). Multiple NPU Lock-Up Vulnerabilities +----------------------------- The Network Processing Unit (NPU) is responsible for handling communication in the WLC. One or more NPUs may lock up if certain types of traffic are sent to the affected WLC. These communications include specially crafted SNAP packets, malformed 802.11 communications, and packets with unexpected length values in some headers. Each NPU operates independently, servicing two physical ports on the WLC, and locking one NPU does not affect the other, so the number of NPUs available and device configuration determine whether these vulnerabilities can result in partial or complete inability to forward traffic. If you want to clear the NPU lock, you must restart the WLC. If a lockout prevents access to the management interface, a reboot must be performed through the console port or the service port. These vulnerabilities are documented in Cisco Bug IDs as CSCsg36361, CSCsg15901, and CSCsh10841

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200704-0022",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "2100 wireless lan controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "4400 wireless lan controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "4100 wireless lan controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "2000 wireless lan controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "2100 series wireless lan controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0.206.0"
      },
      {
        "model": "2000 series wireless lan controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.1.x"
      },
      {
        "model": "4100 series wireless lan controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0.206.0"
      },
      {
        "model": "4100 series wireless lan controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0.x"
      },
      {
        "model": "2000 series wireless lan controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0.x"
      },
      {
        "model": "2100 series wireless lan controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0.x"
      },
      {
        "model": "4400 series wireless lan controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0.206.0"
      },
      {
        "model": "4100 series wireless lan controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.1.x"
      },
      {
        "model": "2100 series wireless lan controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.1.x"
      },
      {
        "model": "4400 series wireless lan controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0.x"
      },
      {
        "model": "4400 series wireless lan controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.1.x"
      },
      {
        "model": "2000 series wireless lan controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0.206.0"
      },
      {
        "model": "4400 wireless lan controller",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "2000 wireless lan controller",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "2100 wireless lan controller",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "4100 wireless lan controller",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "wireless lan controller module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "catalyst series wireless services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "65000"
      },
      {
        "model": "catalyst series integrated wireless lan cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "37500"
      },
      {
        "model": "aironet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1500"
      },
      {
        "model": "aironet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "41000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21000"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1400"
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1300"
      },
      {
        "model": "aironet 1240ag",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1200"
      },
      {
        "model": "aironet 1130ag",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "aironet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1100"
      },
      {
        "model": "aironet 1230ag",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-266"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2038"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:2000_wireless_lan_controller",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:2100_wireless_lan_controller",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:4100_wireless_lan_controller",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:4400_wireless_lan_controller",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001825"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-266"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-2038",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2007-2038",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "VHN-25400",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-2038",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-2038",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200704-266",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25400",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25400"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-266"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2038"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN\u0027s ACLs from being installed. \nAn attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). Multiple NPU Lock-Up Vulnerabilities +----------------------------- The Network Processing Unit (NPU) is responsible for handling communication in the WLC. One or more NPUs may lock up if certain types of traffic are sent to the affected WLC. These communications include specially crafted SNAP packets, malformed 802.11 communications, and packets with unexpected length values \u200b\u200bin some headers. Each NPU operates independently, servicing two physical ports on the WLC, and locking one NPU does not affect the other, so the number of NPUs available and device configuration determine whether these vulnerabilities can result in partial or complete inability to forward traffic. If you want to clear the NPU lock, you must restart the WLC. If a lockout prevents access to the management interface, a reboot must be performed through the console port or the service port. These vulnerabilities are documented in Cisco Bug IDs as CSCsg36361, CSCsg15901, and CSCsh10841",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2038"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001825"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25400"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-2038",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "23461",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1017908",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "34136",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1368",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001825",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-266",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20070412 MULTIPLE VULNERABILITIES IN THE CISCO WIRELESS LAN CONTROLLER AND CISCO LIGHTWEIGHT ACCESS POINTS",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "33609",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-25400",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25400"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-266"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2038"
      }
    ]
  },
  "id": "VAR-200704-0022",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25400"
      }
    ],
    "trust": 0.67965547
  },
  "last_update_date": "2024-11-23T21:57:14.810000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20070412-wlc",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070412-wlc"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001825"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2038"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/23461"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/34136"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017908"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/1368"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2038"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2038"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/1368"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/33609"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/465506"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a008081e189.shtml"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25400"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-266"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2038"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-25400"
      },
      {
        "db": "BID",
        "id": "23461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-266"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2038"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-04-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25400"
      },
      {
        "date": "2007-04-12T00:00:00",
        "db": "BID",
        "id": "23461"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001825"
      },
      {
        "date": "2007-04-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200704-266"
      },
      {
        "date": "2007-04-16T21:19:00",
        "db": "NVD",
        "id": "CVE-2007-2038"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25400"
      },
      {
        "date": "2016-07-06T14:39:00",
        "db": "BID",
        "id": "23461"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001825"
      },
      {
        "date": "2007-04-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200704-266"
      },
      {
        "date": "2024-11-21T00:29:45.327000",
        "db": "NVD",
        "id": "CVE-2007-2038"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-266"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco WLC of  NPU Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001825"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-266"
      }
    ],
    "trust": 0.6
  }
}

gsd-2007-2038

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-2038

Aliases

CVE-2007-2038

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2038",
    "description": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361.",
    "id": "GSD-2007-2038"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2038"
      ],
      "details": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361.",
      "id": "GSD-2007-2038",
      "modified": "2023-12-13T01:21:37.481553Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2038",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-1368",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1368"
          },
          {
            "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
          },
          {
            "name": "1017908",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017908"
          },
          {
            "name": "cisco-wlc-npu-traffic-dos(33609)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
          },
          {
            "name": "34136",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/34136"
          },
          {
            "name": "23461",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23461"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:4100_wireless_lan_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:2000_wireless_lan_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2038"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
            },
            {
              "name": "23461",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/23461"
            },
            {
              "name": "1017908",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017908"
            },
            {
              "name": "34136",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/34136"
            },
            {
              "name": "ADV-2007-1368",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1368"
            },
            {
              "name": "cisco-wlc-npu-traffic-dos(33609)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:31Z",
      "publishedDate": "2007-04-16T21:19Z"
    }
  }
}

fkie_cve-2007-2038

Vulnerability from fkie_nvd

Published

2007-04-16 21:19

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://securitytracker.com/id?1017908
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/34136
cve@mitre.org	http://www.securityfocus.com/bid/23461
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1368
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33609
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017908
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/34136
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23461
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1368
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33609

Impacted products

Vendor	Product	Version
cisco	2000_wireless_lan_controller	*
cisco	2100_wireless_lan_controller	*
cisco	4100_wireless_lan_controller	*
cisco	4400_wireless_lan_controller	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:2000_wireless_lan_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65B6A979-5487-4ABF-AD66-522442D6DC38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B6D315-BBA5-4C37-BB74-BD1ADCA77F69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:4100_wireless_lan_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97790CF3-F428-499C-A175-1DB8380432F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62DD77D6-9809-4B8B-A19F-1D10449C546F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361."
    },
    {
      "lang": "es",
      "value": "La Network Processing Unit (NPU) en el Cisco Wireless LAN Controller (WLC) anterior a 3.2.193.5, 4.0.x anterior a 4.0.206.0, y 4.1.x permite a atacantes remotos en una red local provocar una denegaci\u00f3n de servicio (p\u00e9rdida de reenv\u00edo de paquetes) mediante (1)paquetes SNAP manipulados, (2) tr\u00e1fico 802.11 mal formado, o (3) paquetes con determinados valores de longitud de cabecera, tambi\u00e9n conocido como Bug ID CSCsg36361."
    }
  ],
  "id": "CVE-2007-2038",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-16T21:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017908"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/34136"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23461"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1368"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/34136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-2038 (GCVE-0-2007-2038)

Vulnerability from cvelistv5

ghsa-7vw2-4wvp-q8jh

Vulnerability from github

CERTA-2007-AVI-172

Vulnerability from certfr_avis

Description

Solution

var-200704-0022

Vulnerability from variot

gsd-2007-2038

Vulnerability from gsd

fkie_cve-2007-2038

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature