CVE-2009-0062 - OpenCVE

Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Catalyst 6500 Wireless Services Modules Catalyst 3750 Series Integrated Wireless Lan Controller Wireless Lan Controller Software

Configuration 1 [-]

OR	cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2:::::::*
	cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2.173.0:::::::*
	cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2:::::::*
	cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2.173.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.173.0:::::::*

References

Link	Resource
http://secunia.com/advisories/33749
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml	Vendor Advisory
http://www.securityfocus.com/bid/33608
http://www.securitytracker.com/id?1021678

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2009-02-05T00:00:00

Updated: 2009-02-10T10:00:00

Reserved: 2009-01-07T00:00:00

Link: CVE-2009-0062

JSON object: View

NVD Information

Status : Modified

Published: 2009-02-05T00:30:00.327

Modified: 2018-10-30T16:25:59.187

Link: CVE-2009-0062

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-02-04T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-02-10T10:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml"}, {"name": "33608", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33608"}, {"name": "33749", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33749"}, {"name": "1021678", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021678"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2009-0062", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml"}, {"name": "33608", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33608"}, {"name": "33749", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33749"}, {"name": "1021678", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021678"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2009-0062", "datePublished": "2009-02-05T00:00:00", "dateReserved": "2009-01-07T00:00:00", "dateUpdated": "2009-02-10T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D797EE92-8C85-4C83-A96A-DF1922712742", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2.173.0:*:*:*:*:*:*:*", "matchCriteriaId": "7116274D-F131-42CC-99DA-F22CC39E4525", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E96B28A-CF63-48C9-8B8E-8BC432A6A5EF", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2.173.0:*:*:*:*:*:*:*", "matchCriteriaId": "75E04EA5-F134-4930-97CB-BD68484403FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC1E1F40-ECB6-42FB-838E-998B1893D5CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.173.0:*:*:*:*:*:*:*", "matchCriteriaId": "57C6B8CB-9277-463B-84EB-AEF36EE40E7B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), y Cisco Catalyst 3750 Integrated Wireless LAN Controller con software v4.2.173.0, permite a usuarios remotos autenticados obtener privilegios mediante vectores desconocidos, como es demostrado por la escalada de privilegios desde los niveles (1) Lobby Admin y (2) Local Management User."}], "id": "CVE-2009-0062", "lastModified": "2018-10-30T16:25:59.187", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-02-05T00:30:00.327", "references": [{"source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/33749"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/33608"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1021678"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}