VAR-200707-0187
Vulnerability from variot - Updated: 2025-04-10 23:01

Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841.

Cisco Wireless LAN Controller (WLC) is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to crash the device, denying service to legitimate users. These issues affect Cisco Wireless LAN Control 3.2, 4.0, and 4.1; other versions may also be affected.

Cisco Wireless LAN Controllers (WLCs) provide real-time communication between lightweight access points and other wireless-providing LAN controllers to perform centralized system-wide WLAN configuration and management functions. Vulnerable WLCs may mishandle unicast ARP requests from wireless clients, causing ARP storms.

For this vulnerability to be exposed, both WLCs attached to the same set of Layer 2 VLANs must have wireless client contexts. This happens after Layer 3 (inter-subnet) roaming or when using guest WLAN (auto-anchor). This allows a second WLC to reprocess the ARP request and incorrectly re-forward it back to the network. This vulnerability is documented as CSCsj69233.

In the case of Layer 3 (L3) roaming, wireless clients move from one controller to another, and the wireless LAN interfaces configured on the different controllers are in different IP subnets. In this case, the unicast ARP may not be tunneled back to the anchor controller, but is instead sent by the external controller to its native VLAN. This vulnerability is documented as CSCsj70841.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0187",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless lan controller software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.116.21"
},
{
"model": "wireless lan controller software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "wireless lan controller software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "wireless lan controller software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "wireless lan controller software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.155.0"
},
{
"model": "4400 series wireless lan controller",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "wireless lan controller",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "wireless lan controller",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "airespace 4000 series wireless lan controller",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 3750 series",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "20070727"
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.1.180.0"
},
{
"model": "catalyst 6500 series",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "4100 series wireless lan controller",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 6500",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "4400 wireless lan controller",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 3750",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "4100 wireless lan controller",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "airespace 4000 wireless lan controller",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
}
],
"sources": [
{
"db": "BID",
"id": "25043"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002410"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-466"
},
{
"db": "NVD",
"id": "CVE-2007-4011"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:4100_wireless_lan_controller",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:4400_wireless_lan_controller",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:airespace_4000_wireless_lan_controller",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:catalyst_3750",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:catalyst_6500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:wireless_lan_controller",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002410"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Security bulletin",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-466"
}
],
"trust": 0.6
},
"cve": "CVE-2007-4011",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-4011",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-27373",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-4011",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-4011",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-466",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-27373",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27373"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002410"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-466"
},
{
"db": "NVD",
"id": "CVE-2007-4011"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841. Cisco Wireless LAN Controller (WLC) is prone to multiple denial-of-service vulnerabilities. \nAn attacker can exploit these issues to crash the device, denying service to legitimate users. \nThese issues affect Cisco Wireless LAN Control 3.2, 4.0, and 4.1; other versions may also be affected. Cisco Wireless LAN Controllers (WLCs) provide real-time communication between lightweight access points and other wireless-providing LAN controllers to perform centralized system-wide WLAN configuration and management functions. Vulnerable WLCs may mishandle unicast ARP requests from wireless clients, causing ARP storms. Both WLCs attached to the same set of Layer 2 VLANs must have wireless client contexts for this vulnerability to be exposed. This happens after using layer 3 (inter-subnet) roaming or when using guest WLAN (auto-anchor). This allows a second WLC to reprocess the ARP request and incorrectly re-forward the inclusion back to the network. This vulnerability is documented as CSCsj69233. In the case of Layer 3 (L3) roaming, wireless clients move from one controller to another, and the wireless LAN interfaces configured on different controllers are in different IP subnets. In this case, the unicast ARP may not be tunneled back to the anchor controller, but sent by the external controller to its native VLAN. This vulnerability is documented as CSCsj70841",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4011"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002410"
},
{
"db": "BID",
"id": "25043"
},
{
"db": "VULHUB",
"id": "VHN-27373"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-4011",
"trust": 2.8
},
{
"db": "BID",
"id": "25043",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1018444",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2636",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26161",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002410",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200707-466",
"trust": 0.7
},
{
"db": "XF",
"id": "35576",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20070724 WIRELESS ARP STORM VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-27373",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27373"
},
{
"db": "BID",
"id": "25043"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002410"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-466"
},
{
"db": "NVD",
"id": "CVE-2007-4011"
}
]
},
"id": "VAR-200707-0187",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-27373"
}
],
"trust": 0.72009667
},
"last_update_date": "2025-04-10T23:01:12.810000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20070724-arp",
"trust": 0.8,
"url": "http://www.cisco.com/en/US/products/csa/cisco-sa-20070724-arp.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002410"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4011"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a008088ab28.shtml"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25043"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1018444"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26161"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/2636"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35576"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4011"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4011"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2636"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/35576"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps6307/index.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27373"
},
{
"db": "BID",
"id": "25043"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002410"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-466"
},
{
"db": "NVD",
"id": "CVE-2007-4011"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-27373"
},
{
"db": "BID",
"id": "25043"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002410"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-466"
},
{
"db": "NVD",
"id": "CVE-2007-4011"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-27373"
},
{
"date": "2007-07-24T00:00:00",
"db": "BID",
"id": "25043"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002410"
},
{
"date": "2007-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-466"
},
{
"date": "2007-07-26T00:30:00",
"db": "NVD",
"id": "CVE-2007-4011"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-27373"
},
{
"date": "2016-07-05T22:00:00",
"db": "BID",
"id": "25043"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002410"
},
{
"date": "2007-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-466"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-4011"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-466"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco 4100 Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002410"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "25043"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-466"
}
],
"trust": 0.9
}
}