 |
|
|
|
| Cisco Wireless LAN Controller multiple security vulnerabilities | | Published: |  | 08.09.2010 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 11120 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | DoS conditions, privilege escalations, restrictions bypass. |
| Affected: |  | CISCO : Cisco 2100 | | | | CISCO : Cisco 4100 | | | | CISCO : Cisco 5500 | | | | CISCO : Cisco 4400 | | | | CISCO : Cisco 2000 | | | | CISCO : Catalyst 3750G | | CVE: |  | CVE-2010-3034 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-0575.) | | | | CVE-2010-3033 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843.) | | | | CVE-2010-2843 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033.) | | | | CVE-2010-2842 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2843 and CVE-2010-3033.) | | | | CVE-2010-2841 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component, aka Bug ID CSCtd16938.) | | | | CVE-2010-0575 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-3034.) | | | | CVE-2010-0574 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to cause a denial of service (device reload) via a crafted IKE packet, aka Bug ID CSCta56653.) |
|
|
|
|
|
|
|
|
