VAR-200512-0658
Vulnerability from variot - Updated: 2025-04-03 22:27Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows remote attackers to bypass authentication. Both Avaya wireless AP and Proxim wireless AP are very popular wireless access devices.
The problem is caused due to the presence of a static WEP key set to "12345". This can be exploited to bypass the 802.1x authentication process.
Successful exploitation allows access to network resources.
The security issue affects the following products: * Avaya Wireless Access Points AP-3, AP-4, AP-5, and AP-6 (All versions after 2.5 to 2.5.4) * Avaya Wireless Access Points AP-7 and AP-8 (All versions after 2.5 and prior to 3.1)
SOLUTION: Avaya Wireless AP-3: Apply Software Update 2.5.5 for AP3. http://support.avaya.com/japple/css/japple?temp.documentID=280939&temp.productID=107770&temp.bucketID=108025&PAGE=Document
Avaya Wireless AP-4, 5, and 6: Apply Software Update 2.5.5 for AP4, 5, and 6. http://support.avaya.com/japple/css/japple?temp.documentID=280948&temp.productID=107770&temp.bucketID=108025&PAGE=Document
Avaya Wireless AP-7: Apply Software Update 3.1 for AP7. http://support.avaya.com/japple/css/japple?temp.documentID=280946&temp.productID=107770&temp.bucketID=108025&PAGE=Document
Avaya Wireless AP-8: Apply Software Update 2.5.5 for AP4, 5, and 6. http://support.avaya.com/japple/css/japple?temp.documentID=280948&temp.productID=107770&temp.bucketID=108025&PAGE=Document
PROVIDED AND/OR DISCOVERED BY: Urmas Kahar and Tarmo Kaljumae
ORIGINAL ADVISORY: http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0658",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless ap-7",
"scope": "eq",
"trust": 1.6,
"vendor": "avaya",
"version": "2.5"
},
{
"model": "wireless ap-5",
"scope": "eq",
"trust": 1.6,
"vendor": "avaya",
"version": "2.5"
},
{
"model": "wireless ap-8",
"scope": "eq",
"trust": 1.6,
"vendor": "avaya",
"version": "2.5"
},
{
"model": "wireless ap-6",
"scope": "eq",
"trust": 1.6,
"vendor": "avaya",
"version": "2.5"
},
{
"model": "wireless ap-3",
"scope": "eq",
"trust": 1.6,
"vendor": "avaya",
"version": "2.5.4"
},
{
"model": "wireless ap-6",
"scope": "eq",
"trust": 1.6,
"vendor": "avaya",
"version": "2.5.4"
},
{
"model": "wireless ap-5",
"scope": "eq",
"trust": 1.6,
"vendor": "avaya",
"version": "2.5.4"
},
{
"model": "wireless ap-4",
"scope": "eq",
"trust": 1.6,
"vendor": "avaya",
"version": "2.5"
},
{
"model": "wireless ap-4",
"scope": "eq",
"trust": 1.6,
"vendor": "avaya",
"version": "2.5.4"
},
{
"model": "wireless ap-3",
"scope": "eq",
"trust": 1.6,
"vendor": "avaya",
"version": "2.5"
},
{
"model": "ap-4000",
"scope": "eq",
"trust": 1.0,
"vendor": "proxim",
"version": "3.0"
},
{
"model": "ap-600",
"scope": "eq",
"trust": 1.0,
"vendor": "proxim",
"version": "2.5.4"
},
{
"model": "ap-2000",
"scope": "eq",
"trust": 1.0,
"vendor": "proxim",
"version": "2.5.4"
},
{
"model": "ap-700",
"scope": "eq",
"trust": 1.0,
"vendor": "proxim",
"version": "2.4.12"
},
{
"model": "ap-700",
"scope": "eq",
"trust": 1.0,
"vendor": "proxim",
"version": "3.0"
},
{
"model": "ap-4000",
"scope": "eq",
"trust": 1.0,
"vendor": "proxim",
"version": "2.4.12"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-341"
},
{
"db": "NVD",
"id": "CVE-2005-3253"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Urmas KaharTarmo Kaljumae",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-341"
}
],
"trust": 0.6
},
"cve": "CVE-2005-3253",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2005-3253",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-14462",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-3253",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-341",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-14462",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14462"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-341"
},
{
"db": "NVD",
"id": "CVE-2005-3253"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of \"12345\", which allows remote attackers to bypass authentication. Both Avaya wireless AP and Proxim wireless AP are very popular wireless access devices. \n\nThe problem is caused due to the presence of a static WEP key set to\n\"12345\". This can be exploited to bypass the 802.1x authentication\nprocess. \n\nSuccessful exploitation allows access to network resources. \n\nThe security issue affects the following products:\n* Avaya Wireless Access Points AP-3, AP-4, AP-5, and AP-6 (All\nversions after 2.5 to 2.5.4)\n* Avaya Wireless Access Points AP-7 and AP-8 (All versions after 2.5\nand prior to 3.1)\n\nSOLUTION:\nAvaya Wireless AP-3:\nApply Software Update 2.5.5 for AP3. \nhttp://support.avaya.com/japple/css/japple?temp.documentID=280939\u0026temp.productID=107770\u0026temp.bucketID=108025\u0026PAGE=Document\n\nAvaya Wireless AP-4, 5, and 6:\nApply Software Update 2.5.5 for AP4, 5, and 6. \nhttp://support.avaya.com/japple/css/japple?temp.documentID=280948\u0026temp.productID=107770\u0026temp.bucketID=108025\u0026PAGE=Document\n\nAvaya Wireless AP-7:\nApply Software Update 3.1 for AP7. \nhttp://support.avaya.com/japple/css/japple?temp.documentID=280946\u0026temp.productID=107770\u0026temp.bucketID=108025\u0026PAGE=Document\n\nAvaya Wireless AP-8:\nApply Software Update 2.5.5 for AP4, 5, and 6. \nhttp://support.avaya.com/japple/css/japple?temp.documentID=280948\u0026temp.productID=107770\u0026temp.bucketID=108025\u0026PAGE=Document\n\nPROVIDED AND/OR DISCOVERED BY:\nUrmas Kahar and Tarmo Kaljumae\n\nORIGINAL ADVISORY:\nhttp://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3253"
},
{
"db": "VULHUB",
"id": "VHN-14462"
},
{
"db": "PACKETSTORM",
"id": "42570"
},
{
"db": "PACKETSTORM",
"id": "42357"
}
],
"trust": 1.17
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "18057",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "18047",
"trust": 1.8
},
{
"db": "NVD",
"id": "CVE-2005-3253",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2005-2931",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "22091",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200512-341",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-14462",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "42570",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "42357",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14462"
},
{
"db": "PACKETSTORM",
"id": "42570"
},
{
"db": "PACKETSTORM",
"id": "42357"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-341"
},
{
"db": "NVD",
"id": "CVE-2005-3253"
}
]
},
"id": "VAR-200512-0658",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14462"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:27:07.905000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3253"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://keygen.proxim.com/support/cs/documents/802.1x_vulnerability.pdf"
},
{
"trust": 1.8,
"url": "http://support.avaya.com/elmodocs2/security/asa-2005-233.pdf"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/22091"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18047"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18057"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2005/2931"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2005/2931"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/18047/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://support.proxim.com/cgi-bin/proxim.cfg/php/enduser/std_adp.php?p_faqid=1250"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6679/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6680/"
},
{
"trust": 0.1,
"url": "http://support.proxim.com/cgi-bin/proxim.cfg/php/enduser/std_adp.php?p_faqid=1222"
},
{
"trust": 0.1,
"url": "http://support.proxim.com/cgi-bin/proxim.cfg/php/enduser/std_adp.php?p_faqid=1221"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6681/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6677/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18057/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6676/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6678/"
},
{
"trust": 0.1,
"url": "http://support.proxim.com/cgi-bin/proxim.cfg/php/enduser/std_adp.php?p_faqid=1686"
},
{
"trust": 0.1,
"url": "http://support.avaya.com/japple/css/japple?temp.documentid=280948\u0026temp.productid=107770\u0026temp.bucketid=108025\u0026page=document"
},
{
"trust": 0.1,
"url": "http://support.avaya.com/japple/css/japple?temp.documentid=280946\u0026temp.productid=107770\u0026temp.bucketid=108025\u0026page=document"
},
{
"trust": 0.1,
"url": "http://support.avaya.com/japple/css/japple?temp.documentid=280939\u0026temp.productid=107770\u0026temp.bucketid=108025\u0026page=document"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6524/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6526/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6525/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14462"
},
{
"db": "PACKETSTORM",
"id": "42570"
},
{
"db": "PACKETSTORM",
"id": "42357"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-341"
},
{
"db": "NVD",
"id": "CVE-2005-3253"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-14462"
},
{
"db": "PACKETSTORM",
"id": "42570"
},
{
"db": "PACKETSTORM",
"id": "42357"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-341"
},
{
"db": "NVD",
"id": "CVE-2005-3253"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-14462"
},
{
"date": "2005-12-27T19:53:43",
"db": "PACKETSTORM",
"id": "42570"
},
{
"date": "2005-12-16T20:41:53",
"db": "PACKETSTORM",
"id": "42357"
},
{
"date": "2005-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-341"
},
{
"date": "2005-12-16T11:03:00",
"db": "NVD",
"id": "CVE-2005-3253"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-14462"
},
{
"date": "2006-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-341"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2005-3253"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-341"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WEP Key Authentication Bypass Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-341"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-341"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…