Vulnerability CVE-2010-2978

Vulnerability CVE-2010-2978

Published: 2010-08-10 Modified: 2012-02-13

Description:

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660.

Type:

CWE-310

(Cryptographic Issues)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
10/10	10/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Cisco -> Unified wireless network solution software

References:

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html

Copyright 2024, cxsecurity.com