Sign-up

ID

VAR-201403-0207


CVE

CVE-2014-0703


TITLE

Cisco Wireless LAN Controller Vulnerabilities that prevent access restrictions on devices

Trust: 0.8

sources: JVNDB: JVNDB-2014-001581

DESCRIPTION

Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202. Attackers can exploit this issue to bypass certain access restrictions and make unauthorized changes to the device configuration. This may allow an attacker to take complete control of the device. This issue is being tracked by Cisco Bug ID CSCuf66202

Trust: 2.52

sources: NVD: CVE-2014-0703 // JVNDB: JVNDB-2014-001581 // CNVD: CNVD-2014-01539 // BID: 65983 // VULHUB: VHN-68196

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-01539

AFFECTED PRODUCTS

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.4.100.60

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.4.100.0

Trust: 1.6

vendor:ciscomodel:wireless lan controllerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:wireless lan controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:wireless lan controller softwarescope:ltversion:7.4

Trust: 0.8

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.4.110.0

Trust: 0.8

vendor:ciscomodel:wireless lan controllerscope:eqversion:7.4

Trust: 0.6

sources: CNVD: CNVD-2014-01539 // JVNDB: JVNDB-2014-001581 // CNNVD: CNNVD-201403-134 // NVD: CVE-2014-0703

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0703
value: HIGH

Trust: 1.0

NVD: CVE-2014-0703
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-01539
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201403-134
value: CRITICAL

Trust: 0.6

VULHUB: VHN-68196
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0703
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-01539
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-68196
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-01539 // VULHUB: VHN-68196 // JVNDB: JVNDB-2014-001581 // CNNVD: CNNVD-201403-134 // NVD: CVE-2014-0703

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-68196 // JVNDB: JVNDB-2014-001581 // NVD: CVE-2014-0703

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-134

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201403-134

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001581

PATCH
title:30830url:http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=30830
Trust: 0.8
title:cisco-sa-20140305-wlcurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc
Trust: 0.8
title:33099url:http://tools.cisco.com/security/center/viewAlert.x?alertId=33099
Trust: 0.8
title:cisco-sa-20140305-wlcurl:http://www.cisco.com/cisco/web/support/JP/112/1122/1122122_cisco-sa-20140305-wlc-j.html
Trust: 0.8
title:Patch for Cisco Wireless LAN Controller Remote Unauthorized Access Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/44127
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-01539 // 
            
            
            
            JVNDB: JVNDB-2014-001581

EXTERNAL IDS
db:NVDid:CVE-2014-0703
Trust: 3.4
db:BIDid:65983
Trust: 1.0
db:JVNDBid:JVNDB-2014-001581
Trust: 0.8
db:CNNVDid:CNNVD-201403-134
Trust: 0.7
db:CNVDid:CNVD-2014-01539
Trust: 0.6
db:SECUNIAid:57128
Trust: 0.6
db:CISCOid:20140305 MULTIPLE VULNERABILITIES IN CISCO WIRELESS LAN CONTROLLERS
Trust: 0.6
db:SEEBUGid:SSVID-61689
Trust: 0.1
db:VULHUBid:VHN-68196
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-01539 // 
            
            
            
            VULHUB: VHN-68196 // 
            
            
            
            BID: 65983 // 
            
            
            
            JVNDB: JVNDB-2014-001581 // 
            
            
            
            CNNVD: CNNVD-201403-134 // 
            
            
            
            NVD: CVE-2014-0703

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140305-wlc
Trust: 2.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0703
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0703
Trust: 0.8
url:http://secunia.com/advisories/57128
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=33099
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-01539 // 
            
            
            
            VULHUB: VHN-68196 // 
            
            
            
            BID: 65983 // 
            
            
            
            JVNDB: JVNDB-2014-001581 // 
            
            
            
            CNNVD: CNNVD-201403-134 // 
            
            
            
            NVD: CVE-2014-0703

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 65983

SOURCES
db:CNVDid:CNVD-2014-01539
db:VULHUBid:VHN-68196
db:BIDid:65983
db:JVNDBid:JVNDB-2014-001581
db:CNNVDid:CNNVD-201403-134
db:NVDid:CVE-2014-0703

LAST UPDATE DATE
2024-11-23T22:02:13.648000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-01539date:2014-03-10T00:00:00
db:VULHUBid:VHN-68196date:2014-03-07T00:00:00
db:BIDid:65983date:2014-03-05T00:00:00
db:JVNDBid:JVNDB-2014-001581date:2014-03-07T00:00:00
db:CNNVDid:CNNVD-201403-134date:2014-04-02T00:00:00
db:NVDid:CVE-2014-0703date:2024-11-21T02:02:40.100

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-01539date:2014-03-10T00:00:00
db:VULHUBid:VHN-68196date:2014-03-06T00:00:00
db:BIDid:65983date:2014-03-05T00:00:00
db:JVNDBid:JVNDB-2014-001581date:2014-03-07T00:00:00
db:CNNVDid:CNNVD-201403-134date:2014-03-11T00:00:00
db:NVDid:CVE-2014-0703date:2014-03-06T11:55:05.333