OpenCVE

Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	2100 Wireless Lan Controller 4400 Wireless Lan Controller

Configuration 1 [-]

OR	cpe:2.3:h:cisco:2100_wireless_lan_controller::::::::
	cpe:2.3:h:cisco:4400_wireless_lan_controller::::::::

No data.

References

Link	Providers
http://securitytracker.com/id?1017908
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml
http://www.osvdb.org/34138
http://www.securityfocus.com/bid/23461
http://www.vupen.com/english/advisories/2007/1368
https://exchange.xforce.ibmcloud.com/vulnerabilities/33611

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-16T21:00:00

Updated: 2024-08-07T13:23:50.812Z

Reserved: 2007-04-16T00:00:00

Link: CVE-2007-2041

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-04-16T21:19:00.000

Modified: 2017-07-29T01:31:12.017

Link: CVE-2007-2041

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-12T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "cisco-wlc-acl-weak-security(33611)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"}, {"name": "ADV-2007-1368", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1368"}, {"name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"}, {"name": "1017908", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017908"}, {"name": "23461", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23461"}, {"name": "34138", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/34138"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2041", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cisco-wlc-acl-weak-security(33611)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"}, {"name": "ADV-2007-1368", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1368"}, {"name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"}, {"name": "1017908", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017908"}, {"name": "23461", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23461"}, {"name": "34138", "refsource": "OSVDB", "url": "http://www.osvdb.org/34138"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:23:50.812Z"}, "title": "CVE Program Container", "references": [{"name": "cisco-wlc-acl-weak-security(33611)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"}, {"name": "ADV-2007-1368", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1368"}, {"name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"}, {"name": "1017908", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017908"}, {"name": "23461", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23461"}, {"name": "34138", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/34138"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2041", "datePublished": "2007-04-16T21:00:00", "dateReserved": "2007-04-16T00:00:00", "dateUpdated": "2024-08-07T13:23:50.812Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "24B6D315-BBA5-4C37-BB74-BD1ADCA77F69", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "62DD77D6-9809-4B8B-A19F-1D10449C546F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195."}, {"lang": "es", "value": "Cisco Wireless LAN Controller (WLC) anterior a 4.0.206.0 almacena la configuraci\u00f3n de listas de control de acceso (ACLs) de la WLAN con una suma de comprobaci\u00f3n inv\u00e1lida, lo cual evita que las ACLs de WLAN sean cargadas en el arranque, y podr\u00eda permitir a atacantes remotos evitar restricciones de acceso pretendidas, tambi\u00e9n conocido como Bug ID CSCse58195."}], "id": "CVE-2007-2041", "lastModified": "2017-07-29T01:31:12.017", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-16T21:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017908"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/34138"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23461"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1368"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}