CVE-2010-2976

The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:unified_wireless_network_solution_software:7.0:::::::*
	cpe:2.3:o:cisco:unified_wireless_network_solution_software:7.0.98.0:::::::*

History

21 Nov 2024, 01:17

Type	Values Removed	Values Added
References	~~() http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html -~~	() http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html -

Information

Published : 2010-08-10 12:19

Updated : 2024-11-21 01:17

NVD link : CVE-2010-2976

Mitre link : CVE-2010-2976

CVE.ORG link : CVE-2010-2976

JSON object : View

Products Affected

cisco

unified_wireless_network_solution_software

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2010-2976", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-08-10T12:19:09.850", "references": [{"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of \"default\" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access."}, {"lang": "es", "value": "El controlador de Cisco Unified Wireless Network (UWN) Solution v7.x anterior a v7.0.98.0 tiene (1) una comunidad p\u00fablica SNMP por defecto de solo lectura, (2) una comunidad privada SNMP por defecto de lectura y escritura, y un valor de \"default\" para el (3) usuario SNMP v3, (4) contrase\u00f1a de autenticaci\u00f3n SNMP v3, y (5) contrase\u00f1a de privacidad, lo que hace m\u00e1s sencillo para usuarios remotos obtener acceso."}], "lastModified": "2024-11-21T01:17:46.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_wireless_network_solution_software:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3199EF5-5086-4DDE-997F-9F7F15E9BB21"}, {"criteria": "cpe:2.3:o:cisco:unified_wireless_network_solution_software:7.0.98.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CFF7663-19E4-4DD8-BCA0-C1B03F630312"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}