VAR-201401-0580
Vulnerability from variot - Updated: 2022-05-17 01:51Cisco Aironet Access Points are wireless access points. A vulnerability exists in Cisco Aironet Access Points running Cisco IOS that could result in the disclosure of WEP key information. When the Cisco Aironet Access Points have the 'snmp-server enable traps wlan-wep' command set, the AP device running Cisco IOS Software sends the WEP key to the SNMP server in clear text. The affected hardware models include the Cisco Aironet 1100, 1200, and 1400 series, which is turned off by default. The Cisco Aironet AP model running VxWorks is not affected by this vulnerability. To determine if an AP is running Cisco IOS software, as long as the telnet AP address is displayed as simple as apl200% instead of a graphical interface, it indicates that the IOS software is running. The issue has been reported to exist if the 'snmp-server enable traps wlan-wep' command has been set
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0580",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "ios 12.2 ja",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ja1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ja1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3512"
},
{
"db": "BID",
"id": "9143"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The disclosure of this issue has been credited to Bill Van Devender.",
"sources": [
{
"db": "BID",
"id": "9143"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2003-3512",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "68b72f12-203c-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d70f6f0-463f-11e9-a3c9-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2003-3512",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "68b72f12-203c-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d70f6f0-463f-11e9-a3c9-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "68b72f12-203c-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70f6f0-463f-11e9-a3c9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2003-3512"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Aironet Access Points are wireless access points. A vulnerability exists in Cisco Aironet Access Points running Cisco IOS that could result in the disclosure of WEP key information. When the Cisco Aironet Access Points have the \u0027snmp-server enable traps wlan-wep\u0027 command set, the AP device running Cisco IOS Software sends the WEP key to the SNMP server in clear text. The affected hardware models include the Cisco Aironet 1100, 1200, and 1400 series, which is turned off by default. The Cisco Aironet AP model running VxWorks is not affected by this vulnerability. To determine if an AP is running Cisco IOS software, as long as the telnet AP address is displayed as simple as apl200% instead of a graphical interface, it indicates that the IOS software is running. \nThe issue has been reported to exist if the \u0027snmp-server enable traps wlan-wep\u0027 command has been set",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3512"
},
{
"db": "BID",
"id": "9143"
},
{
"db": "IVD",
"id": "68b72f12-203c-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70f6f0-463f-11e9-a3c9-000c29342cb1"
}
],
"trust": 1.17
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2003-3512",
"trust": 1.0
},
{
"db": "BID",
"id": "9143",
"trust": 0.9
},
{
"db": "IVD",
"id": "68B72F12-203C-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D70F6F0-463F-11E9-A3C9-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "68b72f12-203c-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70f6f0-463f-11e9-a3c9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2003-3512"
},
{
"db": "BID",
"id": "9143"
}
]
},
"id": "VAR-201401-0580",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "68b72f12-203c-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70f6f0-463f-11e9-a3c9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2003-3512"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "68b72f12-203c-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70f6f0-463f-11e9-a3c9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2003-3512"
}
]
},
"last_update_date": "2022-05-17T01:51:11.038000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\\302\\240\\302\\240\\302\\240\\302\\240\\302\\240Cisco Aironet AP SNMP trap leaks patches for WEP key vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/42742"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3512"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/public/sw-center/sw-ios.shtml"
}
],
"sources": [
{
"db": "BID",
"id": "9143"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "68b72f12-203c-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70f6f0-463f-11e9-a3c9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2003-3512"
},
{
"db": "BID",
"id": "9143"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-24T00:00:00",
"db": "IVD",
"id": "68b72f12-203c-11e6-abef-000c29c66e3d"
},
{
"date": "2014-01-24T00:00:00",
"db": "IVD",
"id": "7d70f6f0-463f-11e9-a3c9-000c29342cb1"
},
{
"date": "2003-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-3512"
},
{
"date": "2003-12-02T00:00:00",
"db": "BID",
"id": "9143"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-3512"
},
{
"date": "2003-12-02T00:00:00",
"db": "BID",
"id": "9143"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "9143"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Aironet AP SNMP trap leaking WEP key vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3512"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "9143"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…