Vulnerabilities > CVE-2009-1167 - Unspecified vulnerability in Cisco products

047910
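CVSS 0.0 - NONE (not scored on this page: every metric below is UNKNOWN, so the 0.0 is an empty placeholder rather than an assessed severity; the Nessus plugin further down rates its combined finding CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN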
cisco
nessus

Summary

Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to modify the configuration via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy44672.

Vulnerable Configurations

Part | Description | Count
Hardware | Cisco | 37

Nessus

NASL family: CISCO
NASL id: CISCO-SA-20090727-WLC.NASL
description: The remote Cisco Wireless LAN Controller (WLC) is affected by one or more of the following vulnerabilities:
- Malformed HTTP or HTTPS authentication response Denial of Service (CVE-2009-1164)
- SSH connections Denial of Service (CVE-2009-1165)
- Crafted HTTP or HTTPS request Denial of Service (CVE-2009-1166)
- Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability (CVE-2009-1167)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 70123
published: 2013-09-25
reporter: This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/70123
title: Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20090727-wlc)
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration pass: when `description` is set, the plugin only declares its
# metadata (IDs, references, text, risk vectors, dependencies) and exits
# before any of the detection logic further down the file runs.
if (description)
{
  script_id(70123);
  script_version("1.8");
  script_cvs_date("Date: 2018/11/15 20:50:20");

  # One plugin covers all four CVEs of the advisory; a positive result
  # therefore means "one or more of these", not any specific one.
  script_cve_id(
    "CVE-2009-1164",
    "CVE-2009-1165",
    "CVE-2009-1166",
    "CVE-2009-1167"
  );
  script_bugtraq_id(35805, 35817, 35818, 35819);
  # NOTE(review): the first bug ID starts with "CSX" while the other three
  # start with "CSC" - looks like a typo that would break cross-referencing;
  # confirm against the advisory before correcting.
  script_xref(name:"CISCO-BUG-ID", value:"CSXsx03715");
  script_xref(name:"CISCO-BUG-ID", value:"CSCsw40789");
  script_xref(name:"CISCO-BUG-ID", value:"CSCsy27708");
  script_xref(name:"CISCO-BUG-ID", value:"CSCsy44672");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20090727-wlc");

  script_name(english:"Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20090727-wlc)");
  script_summary(english:"Checks the WLC version.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Cisco Wireless LAN Controller (WLC) is affected by one or
more of the following vulnerabilities:

  - Malformed HTTP or HTTPS authentication response Denial
    of Service (CVE-2009-1164)

  - SSH connections Denial of Service (CVE-2009-1165)

  - Crafted HTTP or HTTPS request Denial of Service
    (CVE-2009-1166)

  - Crafted HTTP or HTTPS request unauthorized configuration
    modification vulnerability (CVE-2009-1167)"
  );
  # The see_also value is a shortened link; the comment below records the
  # advisory URL it is meant to point to.
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090727-wlc
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8d7b9e59");
  script_set_attribute(
    attribute:"solution",
    value:
"Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20090727-wlc."
  );
  # A single CVSS2 base vector is declared for the whole plugin: network
  # reachable, low complexity, no authentication, complete C/I/A impact.
  # It applies to the combined finding, not to each CVE individually.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  # Temporal vector: exploitability unproven, official fix available,
  # report confirmed - consistent with exploit_available "false" below.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-399 (resource management errors) fits the three denial-of-service
  # items. NOTE(review): the configuration-modification issue
  # (CVE-2009-1167) has no weakness class of its own declared here.
  script_cwe_id(399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/07/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/25");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:wireless_lan_controller_software");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:wireless_lan_controller");
  script_end_attributes();

  # Registered as an information-gathering check; per script_summary it
  # only checks the WLC version.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CISCO");

  # The version must already have been collected by cisco_wlc_version.nasl.
  # NOTE(review): the detection code also reads "Host/Cisco/WLC/Model",
  # which is not listed in script_require_keys - confirm whether it
  # should be.
  script_dependencies("cisco_wlc_version.nasl");
  script_require_keys("Host/Cisco/WLC/Version");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");

# Pull the controller's software version and hardware model from the scan
# knowledge base. get_kb_item_or_exit() stops the plugin when a key is
# missing, so the checks below never run on partial data.
version = get_kb_item_or_exit("Host/Cisco/WLC/Version");
model = get_kb_item_or_exit("Host/Cisco/WLC/Model");

# Model gate: only the 15xx, 20xx, 21xx, 41xx, 42xx and 44xx families are
# evaluated; every other model is audited out as not affected.
# The pattern is unanchored, so any model string that contains one of these
# four-digit runs passes the gate.
# NOTE(review): confirm the format of the Model KB value, and whether the
# WiSM, ISR WLC module and Catalyst 3750G platforms named in the advisory
# text report a model that contains one of these runs - otherwise they are
# silently reported as not affected.
if (model !~ "(15|20|21|41|42|44)\d\d") audit(AUDIT_HOST_NOT, "affected");

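# Map the installed release train to the release that carries the fix.
#
#  - 3.2, 4.2 and 5.2 have a fixed build inside the same train, so a host is
#    flagged only when ver_compare() reports the installed build as lower
#    than that fix (-1).
#  - 4.1, 5.0 and 5.1 are flagged on the train prefix alone, whatever the
#    build; the remediation text is a migration target, not a build number.
#  - M-suffixed 4.1 builds are tested BEFORE the generic 4.1 pattern. The
#    generic "^4\.1" also matches those builds, so with the generic test
#    first the M branch could never be reached and those hosts were given
#    the wrong remediation target ("4.2 or later" instead of
#    "5.2, 6.0, or 4.2M").
#  - Any other version is audited out as not affected.
#
# The verdict rests on the version string alone; it does not establish
# whether the HTTP, HTTPS or SSH management services are reachable on the
# host.
fixed_version = "";
if (version =~ "^3\.2" && ver_compare(ver:version, fix:"3.2.215.0") == -1) fixed_version = "3.2.215.0";
else if (version =~ "^4\.1.*M") fixed_version = "5.2, 6.0, or 4.2M";
else if (version =~ "^4\.1") fixed_version = "4.2 or later";
else if (version =~ "^4\.2" && ver_compare(ver:version, fix:"4.2.205.0") == -1) fixed_version = "4.2.205.0";
else if (version =~ "^5\.0") fixed_version = "5.2 or 6.0";
else if (version =~ "^5\.1") fixed_version = "5.2 or 6.0";
else if (version =~ "^5\.2" && ver_compare(ver:version, fix:"5.2.191.0") == -1) fixed_version = "5.2.191.0";
else audit(AUDIT_HOST_NOT, "affected");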

# Raise the finding through security_hole() against port 0. When report
# verbosity is enabled, attach the model, the installed version and the
# fixed release so the operator can act on the result without re-querying
# the device; otherwise raise the bare finding.
if (report_verbosity > 0)
{
  details = '\n  Model             : ' + model;
  details += '\n  Installed version : ' + version;
  details += '\n  Fixed version     : ' + fixed_version;
  details += '\n';
  security_hole(port:0, extra:details);
}
else
{
  security_hole(0);
}