CVE-2010-2984 : Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305.

Published 2010-08-10 12:19:10

Updated 2010-08-10 12:19:10

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2010-2984

Probability of exploitation activity in the next 30 days: 0.24%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 61 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-2984

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2010-2984

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html

Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 7.0.98.0 - Cisco

CVEs referencing this url

Products affected by CVE-2010-2984

Cisco » Unified Wireless Network Solution Software » Version: 7.0
cpe:2.3:o:cisco:unified_wireless_network_solution_software:7.0:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » 4404 Wireless Lan Controller
Cisco » Unified Wireless Network Solution Software » Version: 7.0.98.0
cpe:2.3:o:cisco:unified_wireless_network_solution_software:7.0.98.0:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » 4404 Wireless Lan Controller

Vulnerability Details : CVE-2010-2984

Exploit prediction scoring system (EPSS) score for CVE-2010-2984

CVSS scores for CVE-2010-2984

References for CVE-2010-2984

Products affected by CVE-2010-2984