VAR-200312-0516
Vulnerability from variot - Updated: 2022-05-17 02:09Cisco Aironet Access Points are wireless access points.
Vulnerabilities in Cisco Aironet Access Points when running Cisco IOS could result in the disclosure of WEP key information.
When the 'snmp-server enable traps wlan-wep' command is set on Cisco Aironet Access Points, AP devices running Cisco IOS software will send WEP keys to the SNMP server in clear text. The affected hardware models include the Cisco Aironet 1100, 1200, and 1400 series. This command is disabled by default. The Cisco Aironet AP model running VxWorks is not affected by this vulnerability.
To determine whether the AP is running Cisco IOS software, as long as the telnet AP address is displayed, if it is simply provided such as apl200% instead of a graphical interface, it indicates that the IOS software is running
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200312-0516",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3517"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d70f6f1-463f-11e9-875e-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "6a2e8930-203c-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
}
],
"cvssV3": [],
"severity": [
{
"author": "IVD",
"id": "7d70f6f1-463f-11e9-875e-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "6a2e8930-203c-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d70f6f1-463f-11e9-875e-000c29342cb1"
},
{
"db": "IVD",
"id": "6a2e8930-203c-11e6-abef-000c29c66e3d"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Aironet Access Points are wireless access points. \n\n\u00a0Vulnerabilities in Cisco Aironet Access Points when running Cisco IOS could result in the disclosure of WEP key information. \n\n\u00a0When the \u0027snmp-server enable traps wlan-wep\u0027 command is set on Cisco Aironet Access Points, AP devices running Cisco IOS software will send WEP keys to the SNMP server in clear text. The affected hardware models include the Cisco Aironet 1100, 1200, and 1400 series. This command is disabled by default. The Cisco Aironet AP model running VxWorks is not affected by this vulnerability. \n\n\u00a0To determine whether the AP is running Cisco IOS software, as long as the telnet AP address is displayed, if it is simply provided such as apl200% instead of a graphical interface, it indicates that the IOS software is running",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3517"
},
{
"db": "IVD",
"id": "7d70f6f1-463f-11e9-875e-000c29342cb1"
},
{
"db": "IVD",
"id": "6a2e8930-203c-11e6-abef-000c29c66e3d"
}
],
"trust": 0.9
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2003-3517",
"trust": 1.0
},
{
"db": "IVD",
"id": "7D70F6F1-463F-11E9-875E-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "6A2E8930-203C-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d70f6f1-463f-11e9-875e-000c29342cb1"
},
{
"db": "IVD",
"id": "6a2e8930-203c-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2003-3517"
}
]
},
"id": "VAR-200312-0516",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d70f6f1-463f-11e9-875e-000c29342cb1"
},
{
"db": "IVD",
"id": "6a2e8930-203c-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2003-3517"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "7d70f6f1-463f-11e9-875e-000c29342cb1"
},
{
"db": "IVD",
"id": "6a2e8930-203c-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2003-3517"
}
]
},
"last_update_date": "2022-05-17T02:09:32.527000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d70f6f1-463f-11e9-875e-000c29342cb1"
},
{
"db": "IVD",
"id": "6a2e8930-203c-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2003-3517"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-12-02T00:00:00",
"db": "IVD",
"id": "7d70f6f1-463f-11e9-875e-000c29342cb1"
},
{
"date": "2003-12-02T00:00:00",
"db": "IVD",
"id": "6a2e8930-203c-11e6-abef-000c29c66e3d"
},
{
"date": "2003-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-3517"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-3517"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Aironet AP SNMP trap leaks WEP key vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3517"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7d70f6f1-463f-11e9-875e-000c29342cb1"
}
],
"trust": 0.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…