CVE-2009-0062

Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/33749
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml	Vendor Advisory
http://www.securityfocus.com/bid/33608
http://www.securitytracker.com/id?1021678

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2:::::::*
	cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2.173.0:::::::*
	cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2:::::::*
	cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2.173.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.173.0:::::::*

History

No history.

Information

Published : 2009-02-05 00:30

Updated : 2024-02-28 11:21

NVD link : CVE-2009-0062

Mitre link : CVE-2009-0062

CVE.ORG link : CVE-2009-0062

JSON object : View

Products Affected

cisco

wireless_lan_controller_software
catalyst_3750_series_integrated_wireless_lan_controller
catalyst_6500_wireless_services_modules

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2009-0062", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-02-05T00:30:00.327", "references": [{"url": "http://secunia.com/advisories/33749", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/33608", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1021678", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), y Cisco Catalyst 3750 Integrated Wireless LAN Controller con software v4.2.173.0, permite a usuarios remotos autenticados obtener privilegios mediante vectores desconocidos, como es demostrado por la escalada de privilegios desde los niveles (1) Lobby Admin y (2) Local Management User."}], "lastModified": "2018-10-30T16:25:59.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D797EE92-8C85-4C83-A96A-DF1922712742"}, {"criteria": "cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2.173.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7116274D-F131-42CC-99DA-F22CC39E4525"}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E96B28A-CF63-48C9-8B8E-8BC432A6A5EF"}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2.173.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75E04EA5-F134-4930-97CB-BD68484403FF"}, {"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC1E1F40-ECB6-42FB-838E-998B1893D5CB"}, {"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.173.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57C6B8CB-9277-463B-84EB-AEF36EE40E7B"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}