Vulnerability CVE-2010-2841 - CERT Civis.Net

Vulnerability Name:

CVE-2010-2841 (CCN-61667)

Assigned:

2010-09-08

Published:

2010-09-08

Updated:

2010-09-13

Summary:

Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component, aka Bug ID CSCtd16938.

CVSS v3 Severity:

5.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2010-2841

Source: CCN
Type: SA41357
Cisco Wireless LAN Controllers Multiple Vulnerabilities

Source: CONFIRM
Type: Patch, Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=21288

Source: CCN
Type: cisco-sa-20100908-wlc
Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Source: CISCO
Type: Patch, Vendor Advisory
20100908 Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Source: CCN
Type: OSVDB ID: 67920
Cisco WLC Unspecified HTTP Packet Handling Remote DoS

Source: CCN
Type: BID-43065
Cisco Wireless LAN Controller HTTP Packet Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
cisco-wlc-http-dos(61667)

Vulnerable Configuration:

Configuration 1:

cpe:/o:cisco:wireless_lan_controller_software:4.0.108:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.0.155.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.0.155.5:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.0.179.8:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.0.179.11:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.0.196:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.0.206.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.0.217.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.0.219.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.61.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.99.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.112.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.117.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.130.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.173.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.174.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.176.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.182.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2m:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:5.0.148.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:5.0.148.2:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:5.1:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:5.1.151.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:5.1.152.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:5.1.160.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:6.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:6.0.182.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/h:cisco:4400_wireless_lan_controller:4.2:*:*:*:*:*:*:*

OR cpe:/h:cisco:4400_wireless_lan_controller:5.2:*:*:*:*:*:*:*

OR cpe:/h:cisco:4400_wireless_lan_controller:5.0:*:*:*:*:*:*:*

OR cpe:/h:cisco:catalyst:3750g:*:*:*:*:*:*:*

Denotes that component is vulnerable