Lucene search

CiscoCVE-2011-4014

HistoryMay 02, 2012 - 10:09 a.m.

CVE-2011-4014

2012-05-0210:09:21

CWE-200

cisco

web.nvd.nist.gov

cve-2011-4014

cisco

wireless control system

wcs

remote code execution

bug id csctq86807

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

46.1%

JSON

The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807.

Affected configurations

Nvd

Node

ciscowireless_control_system_softwareMatch7.0.164.0

ciscowireless_control_system_softwareMatch7.0.164.3

ciscowireless_control_system_softwareMatch7.0.172.0

ciscowireless_control_system_softwareMatch7.0.220.0

ciscowireless_control_system_softwareMatch7.0.230.0

VendorProductVersionCPE
ciscowireless_control_system_software7.0.164.0cpe:2.3:a:cisco:wireless_control_system_software:7.0.164.0:*:*:*:*:*:*:*
ciscowireless_control_system_software7.0.164.3cpe:2.3:a:cisco:wireless_control_system_software:7.0.164.3:*:*:*:*:*:*:*
ciscowireless_control_system_software7.0.172.0cpe:2.3:a:cisco:wireless_control_system_software:7.0.172.0:*:*:*:*:*:*:*
ciscowireless_control_system_software7.0.220.0cpe:2.3:a:cisco:wireless_control_system_software:7.0.220.0:*:*:*:*:*:*:*
ciscowireless_control_system_software7.0.230.0cpe:2.3:a:cisco:wireless_control_system_software:7.0.230.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	wireless_control_system_software	7.0.164.0	cpe:2.3:a:cisco:wireless_control_system_software:7.0.164.0:::::::*
cisco	wireless_control_system_software	7.0.164.3	cpe:2.3:a:cisco:wireless_control_system_software:7.0.164.3:::::::*
cisco	wireless_control_system_software	7.0.172.0	cpe:2.3:a:cisco:wireless_control_system_software:7.0.172.0:::::::*
cisco	wireless_control_system_software	7.0.220.0	cpe:2.3:a:cisco:wireless_control_system_software:7.0.220.0:::::::*
cisco	wireless_control_system_software	7.0.230.0	cpe:2.3:a:cisco:wireless_control_system_software:7.0.230.0:::::::*

References

www.cisco.com/en/US/docs/wireless/wcs/release/notes/WCS_RN7_0_230.html

www.securitytracker.com/id?1027011

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

46.1%

JSON

Related for CVE-2011-4014