Vulnerability CVE-2010-3034 - CERT Civis.Net

Vulnerability Name:

CVE-2010-3034 (CCN-61672)

Assigned:

2010-09-08

Published:

2010-09-08

Updated:

2010-09-13

Summary:

Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-0575.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2010-3034

Source: CCN
Type: SA41357
Cisco Wireless LAN Controllers Multiple Vulnerabilities

Source: CONFIRM
Type: Patch, Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=21291

Source: CCN
Type: cisco-sa-20100908-wlc
Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Source: CISCO
Type: Patch, Vendor Advisory
20100908 Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Source: CCN
Type: OSVDB ID: 67925
Cisco WLC Unspecified ACL Bypass (2010-0575)

Source: CCN
Type: BID-43069
Cisco Wireless LAN Controller CVE-2010-3034 ACL Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
cisco-wlc-acl-security-bypass(61672)

Vulnerable Configuration:

Configuration 1:

cpe:/o:cisco:wireless_lan_controller_software:4.2:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.61.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.99.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.112.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.117.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.130.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.173.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.174.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.176.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:4.2.182.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:5.0.148.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:5.0.148.2:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:5.1:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:5.1.151.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:5.1.152.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:5.1.160.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:6.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:wireless_lan_controller_software:6.0.182.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/h:cisco:4400_wireless_lan_controller:4.2:*:*:*:*:*:*:*

OR cpe:/h:cisco:4400_wireless_lan_controller:5.2:*:*:*:*:*:*:*

OR cpe:/h:cisco:4400_wireless_lan_controller:5.0:*:*:*:*:*:*:*

OR cpe:/h:cisco:catalyst:3750g:*:*:*:*:*:*:*

Denotes that component is vulnerable