CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2009-0062
https://notcve.org/view.php?id=CVE-2009-0062
Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels. Vulnerabilidad no especificada en Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), y Cisco Catalyst 3750 Integrated Wireless LAN Controller con software v4.2.173.0, permite a usuarios remotos autenticados obtener privilegios mediante vectores desconocidos, como es demostrado por la escalada de privilegios desde los niveles (1) Lobby Admin y (2) Local Management User. • http://secunia.com/advisories/33749 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml http://www.securityfocus.com/bid/33608 http://www.securitytracker.com/id?1021678 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2009-0059
https://notcve.org/view.php?id=CVE-2009-0059
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html. El Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), y Cisco Catalyst 3750 Integrated Wireless LAN Controller con software v4.x anterior a v4.2.176.0 y v5.2.x anterior a 5.2.157.0; permiten a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo) a través de una sesión de autenticación Web (también conocido WebAuth) que incluye una solicitud POST mal formada a login.html. • http://secunia.com/advisories/33749 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml http://www.securityfocus.com/bid/33608 http://www.securitytracker.com/id?1021679 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2009-0061
https://notcve.org/view.php?id=CVE-2009-0061
Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.1 allows remote attackers to cause a denial of service (device crash or hang) via unknown IP packets. Vulnerabilidad no especificada en el dispositivo Wireless LAN Controller (WLC) TSEC en Cisco 4400 WLC, Cisco Catalyst 6500 y 7600 Wireless Services Module (WiSM), y Cisco Catalyst 3750 Integrated Wireless LAN Controller con software 4.x versiones anteriores a 4.2.176.0 y 5.x versiones anteriores a 5.1 permite a atacantes remotos provocar una denegación de servicio (cuelgue o caída del servicio) a través de paquetes IPs desconocidos. • http://secunia.com/advisories/33749 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml http://www.securityfocus.com/bid/33608 http://www.securitytracker.com/id?1021679 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2009-0058
https://notcve.org/view.php?id=CVE-2009-0058
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload) via unspecified network traffic, as demonstrated by a vulnerability scanner. Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), y Cisco Catalyst 3750 Integrated Wireless LAN Controller con software v4.x antes de v4.2.176.0 y v5.x antes de v5.2, permiten a atacantes remotos provocar una denegación de servicio (caída del servicio de autenticación web) mediante tráfico de red no especificado, como ha demostrado un escáner de vulnerabilidades. • http://secunia.com/advisories/33749 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml http://www.securityfocus.com/bid/33608 http://www.securitytracker.com/id?1021679 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 2%CPEs: 10EXPL: 0CVE-2007-4011
https://notcve.org/view.php?id=CVE-2007-4011
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841. Cisco 4100 y 4400, Airespace 4000, y Catalyst 6500 y 3750 Wireless LAN Controller (WLC) software anterior a 3.2 20070727, 4.0 anterior a 20070727, y 4.1 anterior a 4.1.180.0 permite a atacantes remotos provocar denegación de servicio (amplificación de tráfico o tormenta ARP)a través de una respuesta ARP unicast que (1) tiene una dirección de destino MAC desconocida a la infraestructura Layer-2, también conocida como CSCsj69233; o (2) ocurre a lo lago del roaming Layer-3 a través de subredes IP, también conocido como CSCsj70841. • http://secunia.com/advisories/26161 http://www.cisco.com/en/US/products/products_security_advisory09186a008088ab28.shtml http://www.securityfocus.com/bid/25043 http://www.securitytracker.com/id?1018444 http://www.vupen.com/english/advisories/2007/2636 https://exchange.xforce.ibmcloud.com/vulnerabilities/35576 •