Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-2040

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Apr, 2007 | 21:00
Updated At-07 Aug, 2024 | 13:23
Rejected At-
Credits

Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Apr, 2007 | 21:00
Updated At:07 Aug, 2024 | 13:23
Rejected At:
▼CVE Numbering Authority (CNA)

Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/33610
vdb-entry
x_refsource_XF
http://www.vupen.com/english/advisories/2007/1368
vdb-entry
x_refsource_VUPEN
http://www.osvdb.org/34133
vdb-entry
x_refsource_OSVDB
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml
vendor-advisory
x_refsource_CISCO
http://securitytracker.com/id?1017908
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/23461
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33610
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.vupen.com/english/advisories/2007/1368
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.osvdb.org/34133
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml
Resource:
vendor-advisory
x_refsource_CISCO
Hyperlink: http://securitytracker.com/id?1017908
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/23461
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/33610
vdb-entry
x_refsource_XF
x_transferred
http://www.vupen.com/english/advisories/2007/1368
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.osvdb.org/34133
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml
vendor-advisory
x_refsource_CISCO
x_transferred
http://securitytracker.com/id?1017908
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/23461
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33610
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/1368
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.osvdb.org/34133
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: http://securitytracker.com/id?1017908
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/23461
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Apr, 2007 | 21:19
Updated At:14 Aug, 2019 | 11:28

Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.2MEDIUM
AV:L/AC:H/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 6.2
Base severity: MEDIUM
Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CPE Matches
Cisco Systems, Inc.
cisco
>>wireless_lan_controller_software>>Versions from 3.2(inclusive) to 3.2.185.0(exclusive)
cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>wireless_lan_controller_software>>Versions from 4.0(inclusive) to 4.0.206.0(exclusive)
cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>aironet_1000-series>>-
cpe:2.3:h:cisco:aironet_1000-series:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>aironet_1500-series>>-
cpe:2.3:h:cisco:aironet_1500-series:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://securitytracker.com/id?1017908cve@mitre.org
Third Party Advisory
VDB Entry
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtmlcve@mitre.org
Patch
Vendor Advisory
http://www.osvdb.org/34133cve@mitre.org
Broken Link
http://www.securityfocus.com/bid/23461cve@mitre.org
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/1368cve@mitre.org
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/33610cve@mitre.org
Third Party Advisory
VDB Entry
Hyperlink: http://securitytracker.com/id?1017908
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.osvdb.org/34133
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/23461
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.vupen.com/english/advisories/2007/1368
Source: cve@mitre.org
Resource:
Permissions Required
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33610
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2016-1435
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7||HIGH
EPSS-0.18% / 39.26%
||
7 Day CHG~0.00%
Published-23 Jun, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ip_phone_8800_series_firmwareip_phone_8800n/a
CVE-2021-1567
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7||HIGH
EPSS-0.04% / 10.65%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 17:45
Updated-07 Nov, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability

A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for DLL files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-anyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-427
Uncontrolled Search Path Element
Details not found