Sign-up

ID

VAR-200908-0381


CVE

CVE-2009-2976


TITLE

Cisco Aironet Lightweight AP Vulnerabilities in which details of access point settings are discovered

Trust: 0.8

sources: JVNDB: JVNDB-2009-003698

DESCRIPTION

Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network. Cisco Lightweight Access Point is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to stop responding, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtb56664. Cisco Aironet wireless access points (APs) are very popular wireless access network devices. This paper associates devices with malicious controllers so that wireless clients cannot access legitimate network resources. This is a denial of service

Trust: 1.98

sources: NVD: CVE-2009-2976 // JVNDB: JVNDB-2009-003698 // BID: 36145 // VULHUB: VHN-40422

AFFECTED PRODUCTS

vendor:ciscomodel:aironet ap1200scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap1100scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:aironet ap1100 seriesscope: - version: -

Trust: 0.8

vendor:ciscomodel:aironet ap1200 seriesscope: - version: -

Trust: 0.8

vendor:ciscomodel:aironet ap1100scope: - version: -

Trust: 0.6

vendor:ciscomodel:aironet ap1200scope: - version: -

Trust: 0.6

vendor:ciscomodel:lightweight access pointscope:eqversion:0

Trust: 0.3

sources: BID: 36145 // JVNDB: JVNDB-2009-003698 // CNNVD: CNNVD-200908-446 // NVD: CVE-2009-2976

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2976
value: HIGH

Trust: 1.0

NVD: CVE-2009-2976
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200908-446
value: HIGH

Trust: 0.6

VULHUB: VHN-40422
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-2976
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-40422
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-40422 // JVNDB: JVNDB-2009-003698 // CNNVD: CNNVD-200908-446 // NVD: CVE-2009-2976

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-40422 // JVNDB: JVNDB-2009-003698 // NVD: CVE-2009-2976

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200908-446

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-200908-446

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-003698

PATCH
title:Top Pageurl:https://www.cisco.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-003698

EXTERNAL IDS
db:NVDid:CVE-2009-2976
Trust: 2.8
db:SECTRACKid:1022774
Trust: 1.7
db:JVNDBid:JVNDB-2009-003698
Trust: 0.8
db:CNNVDid:CNNVD-200908-446
Trust: 0.6
db:BIDid:36145
Trust: 0.4
db:VULHUBid:VHN-40422
Trust: 0.1
sources:
            
            
            VULHUB: VHN-40422 // 
            
            
            
            BID: 36145 // 
            
            
            
            JVNDB: JVNDB-2009-003698 // 
            
            
            
            CNNVD: CNNVD-200908-446 // 
            
            
            
            NVD: CVE-2009-2976

REFERENCES
url:http://www.airmagnet.com/assets/am_technote_skyjack_082509.pdf
Trust: 1.7
url:http://www.airmagnet.com/news/press_releases/2009/08252009.php
Trust: 1.7
url:http://securitytracker.com/id?1022774
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2976
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2976
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=18919
Trust: 0.3
sources:
            
            
            VULHUB: VHN-40422 // 
            
            
            
            BID: 36145 // 
            
            
            
            JVNDB: JVNDB-2009-003698 // 
            
            
            
            CNNVD: CNNVD-200908-446 // 
            
            
            
            NVD: CVE-2009-2976

CREDITS
AirMagnet
Trust: 0.9
sources:
            
            
            BID: 36145 // 
            
            
            
            CNNVD: CNNVD-200908-446

SOURCES
db:VULHUBid:VHN-40422
db:BIDid:36145
db:JVNDBid:JVNDB-2009-003698
db:CNNVDid:CNNVD-200908-446
db:NVDid:CVE-2009-2976

LAST UPDATE DATE
2024-11-23T22:19:15.767000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-40422date:2009-08-28T00:00:00
db:BIDid:36145date:2009-09-15T20:01:00
db:JVNDBid:JVNDB-2009-003698date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200908-446date:2009-08-28T00:00:00
db:NVDid:CVE-2009-2976date:2024-11-21T01:06:12.023

SOURCES RELEASE DATE
db:VULHUBid:VHN-40422date:2009-08-27T00:00:00
db:BIDid:36145date:2009-08-25T00:00:00
db:JVNDBid:JVNDB-2009-003698date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200908-446date:2009-08-27T00:00:00
db:NVDid:CVE-2009-2976date:2009-08-27T17:30:00.360