CVE-2007-2039

2007-04-1621:19:00

CWE-399

[email protected]

web.nvd.nist.gov

cisco

wlc

npu

vulnerability

dos

crafted packets

nvd

cve-2007-2039

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

6.6 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

JSON

The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841.

Affected configurations

NVD

Node

ciscowireless_lan_controller_softwareRange3.2–3.2.171.5

ciscowireless_lan_controller_softwareRange4.0–4.0.206.0

ciscowireless_lan_controller_softwareRange4.1–4.1.171.0

CPENameOperatorVersion
cisco:wireless_lan_controller_softwarecisco wireless lan controller softwarelt3.2.171.5
cisco:wireless_lan_controller_softwarecisco wireless lan controller softwarelt4.0.206.0
cisco:wireless_lan_controller_softwarecisco wireless lan controller softwarelt4.1.171.0

CPE	Name	Operator	Version
cisco:wireless_lan_controller_software	cisco wireless lan controller software	lt	3.2.171.5
cisco:wireless_lan_controller_software	cisco wireless lan controller software	lt	4.0.206.0
cisco:wireless_lan_controller_software	cisco wireless lan controller software	lt	4.1.171.0