CVE-2009-0062 - Vulnerability Details - OpenCVE

Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Catalyst 3750 Series Integrated Wireless Lan Controller Catalyst 6500 Wireless Services Modules Wireless Lan Controller Software

Configuration 1 [-]

OR	cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2:::::::*
	cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2.173.0:::::::*
	cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2:::::::*
	cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2.173.0:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2:::::::*
	cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.173.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/33749
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml
http://www.securityfocus.com/bid/33608
http://www.securitytracker.com/id?1021678

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2009-02-05T00:00:00

Updated: 2024-08-07T04:24:17.028Z

Reserved: 2009-01-07T00:00:00

Link: CVE-2009-0062

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-02-05T00:30:00.327

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0062

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-02-04T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-02-10T10:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml"}, {"name": "33608", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33608"}, {"name": "33749", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33749"}, {"name": "1021678", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021678"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2009-0062", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml"}, {"name": "33608", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33608"}, {"name": "33749", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33749"}, {"name": "1021678", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021678"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:24:17.028Z"}, "title": "CVE Program Container", "references": [{"name": "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml"}, {"name": "33608", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33608"}, {"name": "33749", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33749"}, {"name": "1021678", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021678"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2009-0062", "datePublished": "2009-02-05T00:00:00", "dateReserved": "2009-01-07T00:00:00", "dateUpdated": "2024-08-07T04:24:17.028Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D797EE92-8C85-4C83-A96A-DF1922712742", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2.173.0:*:*:*:*:*:*:*", "matchCriteriaId": "7116274D-F131-42CC-99DA-F22CC39E4525", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E96B28A-CF63-48C9-8B8E-8BC432A6A5EF", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_wireless_services_modules:4.2.173.0:*:*:*:*:*:*:*", "matchCriteriaId": "75E04EA5-F134-4930-97CB-BD68484403FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC1E1F40-ECB6-42FB-838E-998B1893D5CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2.173.0:*:*:*:*:*:*:*", "matchCriteriaId": "57C6B8CB-9277-463B-84EB-AEF36EE40E7B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), y Cisco Catalyst 3750 Integrated Wireless LAN Controller con software v4.2.173.0, permite a usuarios remotos autenticados obtener privilegios mediante vectores desconocidos, como es demostrado por la escalada de privilegios desde los niveles (1) Lobby Admin y (2) Local Management User."}], "id": "CVE-2009-0062", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-02-05T00:30:00.327", "references": [{"source": "psirt@cisco.com", "url": "http://secunia.com/advisories/33749"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml"}, {"source": "psirt@cisco.com", "url": "http://www.securityfocus.com/bid/33608"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id?1021678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33749"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33608"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1021678"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}