Vulnerability CVE-2009-0062
Published: 2009-02-04   Modified: 2012-02-13

Description:
Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels.

Type:

CWE-264

 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Cisco -> Catalyst 3750 series integrated wireless lan controller 
Cisco -> Catalyst 6500 wireless services modules 
Cisco -> Wireless lan controller 
Cisco -> Wireless lan controller software 

 References:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml
http://www.securityfocus.com/bid/33608
http://www.securitytracker.com/id?1021678
Copyright 2024, cxsecurity.com

 

Back to Top