CVE-2007-2039 — Cisco Wireless LAN Controller Software vulnerability

CWE-399 CWE-2644 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.8%

top 26.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wireless LAN Controller Software

Timeline

PublishedApr 16

Latest updateMay 1

Description

The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/wireless_lan_controller_software3.2 — 3.2.171.5+2

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-gp6r-fmm5-g6jw: The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3↗2022-05-01

▶

CVEList

CVE-2007-2039: The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3↗2007-04-16

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points↗2007-04-12

▶